Medium
QNAP QES could allow a remote attacker to traverse directories on the system, caused by improper validation of user request. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system.
Obtain Information
QNAP
QNAP QES 2.1
Update to the latest version QES 2.1.1.