QNAP QTS version 4.2.1 Build 20160601 suffers from an OS command injection vulnerability.
>> ARCHIVE: 2016-08
TOPSEC Firewalls – Remote Code Execution (ELIGIBLEBOMBSHELL)
Fortigate Firewalls – Remote Code Execution (EGREGIOUSBLUNDER)
TOPSEC Firewalls – Remote Code Execution (ELIGIBLECONTESTANT)
SIEMENS IP Cameras (Multiple Models) – Credential Disclosure / Configuration Download
MESSOA IP-Camera NIC990 – Auth Bypass / Configuration Download
JVC IP-Camera VN-T216VPRU – Credentials Disclosure
Windows – Fileless UAC Protection Bypass Privilege Escalation (Metasploit)
TOSHIBA IP-Camera IK-WP41A – Auth Bypass / Configuration Download
ZYCOO IP Phone System – Remote Command Execution