QNAP Signage Station before 2.0.1 allows remote attackers to bypass authentication, and consequently upload files, via a spoofed HTTP request. Date published :