Posted by polict of Shielder via Fulldisclosure on May 27

QNAP MusicStation (5M+ installs) and MalwareRemover (pre-installed and
“non-removable”) official apps are affected by an arbitrary file upload
and a command injection vulnerabilities, leading to pre-auth remote
command execution with root privileges on the NAS.

QNAP has already released updates with patches in April.

The technical details are available at…
Read More – Full Disclosure

By |2021-05-28T07:19:03-04:00May 28th, 2021|