Network-attached storage (NAS) maker QNAP today released security updates to address vulnerabilities that could enable attackers to take control of unpatched NAS devices following successful exploitation. The eight vulnerabilities patched today affect all NAP NAS devices running vulnerable software. Command injection and cross-site scripting (XSS) security bugs the company rated as medium and high severity security issues. The XSS vulnerabilities could allow remote attackers to inject malicious code within vulnerable application versions. The company urges customers to update their systems to the latest version to prevent future attacks from impacting their devices.
Source: https://www.bleepingcomputer.com/news/security/qnap-patches-qts-vulnerabilities-allowing-nas-device-takeover/