ZDI-24-472: (Pwn2Own) QNAP TS-464 Netmgr Endpoint CRLF Injection Arbitrary Configuration Update Vulnerability


This vulnerability allows remote attackers to create arbitrary configurations on affected installations of QNAP TS-464 NAS devices. An attacker must first obtain the ability to access the device’s localhost interface, which can be accomplished using a malicious TURN server. The ZDI has assigned a CVSS rating of 7.4. The following CVE is assigned: CVE-2024-32764.
