QNAP QTS / QuTS Hero Unauthenticated Remote Code Execution

There exists an unauthenticated command injection vulnerability in the QNAP operating system known as QTS and QuTS hero. QTS is a core part of the firmware for numerous QNAP entry and mid-level Network Attached Storage (NAS) devices, and QuTS hero is a core part of the firmware for numerous QNAP high-end and enterprise NAS devices. The vulnerable endpoint is the quick.cgi component, exposed by the device's web based administration feature. The quick.cgi component is present in an uninitialized QNAP NAS …

code code execution command command injection devices end entry firmware hero high injection nas network operating system qnap remote code remote code execution storage system unauthenticated vulnerability