QNAP addressed two critical flaws in the Helpdesk app, that could potentially allow attackers to take control over unpatched QNAP network-attached storage (NAS) devices.
According to a security advisory, the issues QNAP fixed are tracked as CVE-2020-2506 and CVE-2020-2507. QNAP stated that these flaws are fixed in Helpdesk 3.0.3 and later and that customers should update the app to avoid the flaws.
In order to update, users need to log on to their devices as admin and look for the Helpdesk updates through App Center.
QNAP recently published a warning about an increasing amount of ransomware attacks on publicly exposed NAS storage devices. To avoid your device being compromised, it is recommended to install the latest QTS update as well as not exposing the QTS Administration page or the QTS apps to the Internet.