This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25847
Reference (s):
- https://www.qnap.com/en/security-advisory/qsa-20-20
- URL: https://www.qnap.com/en/security-advisory/qsa-20-20