QNAP has warned customers of critical flaws in some of their products. A remote attacker can exploit these vulnerabilities to trigger remote code execution on the targeted system. These vulnerabilities currently affect the following QNAP operating system versions - QuTScloud c5.0.x, QTS versions 5.0.x, 4.5.4, 4.3.6, 4.3.4, 4.3.3, 4.2.6 and later, QuTS hero versions h5.0.x, h4.5.4 and later. Vulnerabilities were fixed in QTS 4.5.4.2012 build 20220419. QNAP also urges customers to disable the AFP protocol on their NAS devices until it fixes critical flaws in its all affected systems.

More information on vulnerabilities and updates is available in QNAP security advisory – qnap.com.