Network-attached storage (NAS) maker QNAP has patched its QVR video management system against critical-severity issues that could be exploited to run arbitrary commands. QNAP announced that it fixed two command injection vulnerabilities (CVE-2021-38685, CVE-2021-38686) in the QVR software. QNAP has already fixed these vulnerabilities in the QVR 5.1.6 build 20211109.

Source: qnap.com