QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors.
https://www.qnap.com/en/support/con_show.php?cid=113
https://www.qnap.com/en-us/releasenotes/
https://www.exploit-db.com/exploits/41842/
http://www.securitytracker.com/id/1038091