Two critical zero-day bugs affect legacy QNAP NAS storage hardware, and expose devices to remote unauthenticated attackers. The bugs, tracked as CVE-2020-2509 and CVE-2021-36195, impact QNap s model TS-231 network attached storage (NAS) hardware, allowing an attacker to manipulate stored data and hijack the device. The vulnerabilities, also impact some non-legacy models of the company’s NAS gear. A patch for the now-retired QNAN S231 NAS device, first released in 2015, is scheduled to be released within weeks.
Source: https://threatpost.com/qnap-nas-devices-zero-day-attack/165165/