The vulnerability have been reported to affect earlier versions of QTS. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2507
Reference (s):
- https://www.qnap.com/zh-tw/security-advisory/qsa-20-08
- URL: https://www.qnap.com/zh-tw/security-advisory/qsa-20-08