The QNAP Signage Station prior to version 2.0.1 and the accompanying iArtist Lite application contain multiple vulnerabilities.
CWE-434: Unrestricted Upload of File with Dangerous Type - CVE-2015-6022
An authenticated attacker without administrative permissions may upload a malicious file, such as a PHP script, to the QNAP Signage Station server. The attacker is then able to access the uploaded file via a predictable URL and execute the script. The script is executed on the server with administrator permissions.
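The two conditions described above, a script file type accepted by the upload handler and a predictable URL for the stored file, can both be closed at upload time. The following Python sketch is an added illustration, not QNAP's code and not part of the original note; the allowlist, the function names and the sample data are assumptions.

```python
import os
import secrets

# Assumed allowlist for signage media: extension -> accepted magic bytes.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
PHP_MARKER = b"<?php"  # defence in depth against image/script polyglots


class UploadRejected(ValueError):
    """Raised when an upload fails validation."""


def store_name_for(filename: str, data: bytes) -> str:
    """Validate an upload; return a random server-side file name."""
    base = os.path.basename(filename.replace("\\", "/"))
    if not base or "\x00" in base or base.startswith("."):
        raise UploadRejected("bad file name")
    # Only the final extension is checked, and only it is kept.
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED:
        raise UploadRejected("extension not on allowlist")
    if not data.startswith(ALLOWED[ext]):
        raise UploadRejected("content does not match extension")
    if PHP_MARKER in data.lower():
        raise UploadRejected("embedded PHP open tag")
    # The client-supplied name is dropped, so the URL is not predictable.
    return secrets.token_hex(16) + ext


def is_accepted(filename: str, data: bytes) -> bool:
    try:
        store_name_for(filename, data)
        return True
    except UploadRejected:
        return False


if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16  # constructed sample
    samples = {
        "logo.png": png,
        "page.php": b"<?php echo 1; ?>",
        "page.php.png": b"<?php echo 1; ?>",
        "poly.png": png + b"<?php echo 1; ?>",
    }
    for name, body in samples.items():
        print(name, "accepted" if is_accepted(name, body) else "rejected")
```

Validation of this kind complements, and does not replace, storing uploads in a location where the web server will not execute scripts.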
An unauthenticated user may be able to execute commands on the server with system privileges.
Apply an update
Thanks to Mark Woods for reporting these vulnerabilities.
This document was written by Garret Wassermann.