QNAP had published security enhancement against security vulnerabilities that could affect specific versions of QNAP products. Please use the following information and solutions to correct the security issues and vulnerabilities.
Security Advisory for Unquoted Service Path Vulnerability in QNAP NetBak Replicator
An unquoted service path vulnerability is reported to affect the service “QVssService” in QNAP NetBak Replicator. This vulnerability could allow an authorized but non-privileged local user to execute arbitrary code with elevated system privileges.
We have already fixed this issue in QNAP NetBak Replicator 126.96.36.1998.