QNAP announced two vulnerabilities affecting QTS, the operating system powering its network-attached storage devices, that could allow running arbitrary commands. The bugs are remotely exploitable and have been reported in versions of the software released before September 8, 2020. Users that have updated the QTS operating system to at least version QTS 4.4.3.1421 build 20200907 have nothing to worry about. The company does not provide too many details about the two issues but says recent QTS releases include the necessary patches.
Source: https://www.bleepingcomputer.com/news/security/qnap-warns-of-new-qts-bugs-that-allow-take-over-of-devices/