NA

CVE-2021-28799

Published: 13/05/2021 Updated: 13/05/2021

Vulnerability Summary

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, the vulnerability allows remote malicious users to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to v3.0.210412 on QTS 4.3.6; versions prior to v3.0.210411 on QTS 4.3.4; versions prior to v3.0.210411 on QTS 4.3.3; versions prior to v16.0.0419 on QuTS hero h4.5.1; versions prior to v16.0.0419 on QuTScloud c4.5.1~c4.5.4. This issue does not affect: QNAP Systems Inc. HBS 2 . QNAP Systems Inc. HBS 1.3 .

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Recent Articles

QNAP removes backdoor account in NAS backup, disaster recovery app
BleepingComputer • Sergiu Gatlan • 01 Jan 1970

QNAP has addressed a critical vulnerability allowing attackers to log into QNAP NAS (network-attached storage) devices using hardcoded credentials.
The hard-coded credentials vulnerability tracked as
was found by Taiwan-based
in 
, the company's disaster recovery and data backup solution. 
The company says that the security bug is already fixed in the following HBS versions and advises customers to update the software to the latest released version:
...