https://www.bleepingcomputer.com/news/security/qnap-patches-critical-vulnerability-in-surveillance-station-nas-app/

QNAP has addressed a critical security vulnerability in the Surveillance Station app that allows attackers to execute malicious code remotely on network-attached storage (NAS) devices running the vulnerable software.

Surveillance Station is QNAP's network surveillance Video Management System (VMS), a software solution that can help users manage and monitor up to 12 IP cameras.