CVEs and Other Security Findings

CVE-2017-12078 • CVE-2017-12075 – Blind OS Command Injection (RCE)
CVE-2017-12077 CVE-2017-12076 • CVE-2017-12074 • CVE-2017-9555 DoS via Port Forwarding Rule Updates, Path Traversal and File Write, XSS
CVE-2017-7641 • CVE-2017-7640 • CVE-2017-7638 • CVE-2017-7634 XSS, Authentication Bypass, OS Command Injection (RCE), CSRF Missing
CVE-2017-7639 • CVE-2017-7637 • CVE-2017-7636 • CVE-2017-7635 CSRF Missing, XSS, OS Command Injection (RCE), Authentication Bypass
CVE-2017-7633 – Over the wire credential exposure
CVE-2017-7632 • CVE-2017-7631 • CVE-2017-7630 • CVE-2017-7629 Two XSS injections, Old Password Verification Bypass on Change, Information Disclosure
CVE-2012-0050 DTLS packet injection allowing remote attackers to crash clients and servers running OpenSSL
Multiple QNAP findings addressed at DEF CON’s Packet Hacking Village: From XSS to Root on Your NAS