QNAP has fixed a critical security vulnerability in the Surveillance Station app that allows attackers to execute malicious code remotely on network-attached storage (NAS) devices running the vulnerable software. The company also fixed a medium severity cross-site scripting (XSS) vulnerability affecting earlier versions of the Photo Station app. Customers should update both apps to the latest available versions as soon as possible. The security bug was addressed in Photo Station 6.0.11 and later, and it can be installed from the company’s QTS App Center.
Source: https://www.bleepingcomputer.com/news/security/qnap-patches-critical-vulnerability-in-surveillance-station-nas-app/