I had to Google
DNS rebinding. Seems like a bit of a long shot to be honest especially if you have your own DNS server and Web protection in place.
Still it is no excuse for these devices to be vulnerable. The article was also sparse on QNAP details, are they the worst? Doubt it could traverse the subnet but.... Asking for a friend.