QNAP has fixed two critical security vulnerabilities in the Helpdesk app that could enable potential attackers to take over unpatched QNap network-attached storage (NAS) devices. The two security issues are tracked as CVE-2020-2506 and CVE-2019-2507 according to a security advisory published today. The vulnerabilities are both improper access control vulnerabilities that “could allow attackers to obtain control of a QNA device”” if successfully exploited. The bugs’ severity rating is listed in the security advisory. Customers should update the app to the latest available version as soon as possible.”
Source: https://www.bleepingcomputer.com/news/security/qnap-fixes-critical-flaws-that-could-lead-to-device-takeover/