This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero.
Published December 29, 2020.
Qnap Quts Hero
Qnap Qts