Actively exploited Roon Server zero-day reported by QNAP

Is this specific to the QNAP version of Roon server or does it apply to all versions? What is the status of Roon’s investigation?