Still though, Dynamic DNS points to an external IP address, which you’d have your NAS exposed on a public port. This is the flaw in the design which allows remote execution of this exploit.
If you need remote access to the NAS, it should not be publicly exposed and should require a VPN to access. That way if there is an issue or misconfiguration, everyone on the internet can’t exploit it easily.
Dynamic DNS has solved that for 20+ years. Just need a domain name, and a utility to update the IP when it changes.
That said, my IP hasn’t changed in over 5 years now.
Dynamic DNS is useless if you’re on CGNAT.
Still though, Dynamic DNS points to an external IP address, which you’d have your NAS exposed on a public port. This is the flaw in the design which allows remote execution of this exploit.
If you need remote access to the NAS, it should not be publicly exposed and should require a VPN to access. That way if there is an issue or misconfiguration, everyone on the internet can’t exploit it easily.