There are many models in QNAP and Synology that are powered by these processors, so in theory your data could be vulnerable in your NAS too.
Which Models of NAS are Vulnerable
In Theory, any NAS that is powered by an effected processor is vulnerable. In Practice though, unless you have a rouge application installed on your NAS , there is very little chance that your data could leak. These vulnerabilities rely on something called as "Speculative Execution" , and require a local application to exploit it. Say when a rouge website can steal the information from another Running program on your PC , or from the PC memory. With Virtual machines running on your NAS and Applications running on containers, the risk increases.So far, there haven't been any reports of any data breach due to this pair of vulnerabilities in NAS products, but both QNAP and Synology have confirmed that they are working on software patches to fix the vulnerability.
Till the Patches are available
Till the patches are available, you should try and1. Not install any untrusted application on NAS
2. Don't run any untrusted VM or Container App.
3. Ensure all the users on NAS are secured and have appropriate privileges only.
Severability of the Risk
Meltdown is easier to exploit but is also easier to patch. Spectre is difficult to exploit and the patches will be rolled out slowly too. So far there are no reports of anybody exploiting these, but then maybe they have gone un noticed. What makes it severe is that it lies in the hardware chipset itself, so potentially millions of machines are vulnerable. A software that was secure in past may turn into an exploit tool with these vulnerabilities.Goods news is that there is no report of exploit so far , and the patches are in work. Keep an eye on the updates and install as soon as available, even if it makes your PC slow.
