Taiwanese vendor QNAP addressed a critical flaw, tracked as CVE-2021-28809, that could be exploited to compromise vulnerable NAS devices. The vulnerability affects certain legacy versions of HBS 3 Hybrid Backup Sync. The flaw was reported to the vendor by Ta-Lun Yen of TXOne IoT/ICS Security Research Labs. If exploited, this vulnerability allows attackers to compromise the security of the operating systems operating system. The vendor addressed the flaw in the following versions of the software.”]
Source: https://securityaffairs.co/wordpress/119750/hacking/qnap-nas-critical-flaw.html