QNAP Poisoned XML Command Injection (Silently Patched) | Rapid7 Blog

https://www.rapid7.com/blog/post/2022/08/04/qnap-poisoned-xml-command-injection-silently-patched/