Attackers can exploit the vulnerability, tracked as CVE-2022-0778, to trigger a denial of service state and remotely crash unpatched devices.
Although a patch was released two weeks ago when the bug was publicly disclosed, QNAP explained that its customers would have to wait until the company released its own security updates.