Network-attached storage (NAS) maker QNAP has patched its QVR video management system against critical-severity issues that could be exploited to run arbitrary commands.

QNAP announced that it fixed three command injection vulnerabilities ( CVE-2021-34351, CVE-2021-34348, CVE-2021-34349) in the QVR software for managing video surveillance.

QNAP notes that the critical vulnerabilities affect certain QNAP EOL devices running QVR. QNAP has already fixed these vulnerabilities in the QVR 5.1.5 build 20210803.

Source: bleepingcomputer.com