VioStor NVR firmware version 4.0.3 and possibly earlier versions and QNAP NAS with the Surveillance Station Pro activated contains scripts which could allow any user e.g. guest users to execute scripts which run with administrative privileges. It is possible to execute code on the webserver using the ping function.

• http://www.kb.cert.org/vuls/id/927644
• http://www.qnap.com/

---

Updated on 2017-03-28