Below are patches I wrote for various Thecus® models to fix or work around issues in the firmware.
allow_url_fopen should be disabled in php.ini to prevent remote file inclusions in the WebUI (such as in usr/usrgetform.html).
English
Deutsch