If you use your Qnap NAS for video surveillance, you should update the QVR software as soon as possible. The developers have closed three security holes in it. It is currently unknown whether there are already attacks.
Two vulnerabilities (CVE-2021-34348, CVE-2021-34351) are associated with the threat level “critical“classified. According to the information available attackers could exploit the holes remotely and then execute their own commands on devices. Based on the classification, it can be assumed that devices are then completely compromised. It is not yet known how attacks could take place in detail. The third loophole (CVE-2021-34349) is with “high“Here too, attackers could execute their own commands after successful attacks.
As indicated by a warning from Qnap, some devices are affected that are no longer in support (EOL). Nevertheless, the developers deliver those that are protected against the attacks described QVR-Version 5.1.5 build 20210803 also for EOL devices.
(from)
