Security ID : QSA-21-19

Improper Access Control Vulnerability in Legacy HBS 3 (Hybrid Backup Sync)


  • Release date : July 6, 2021

  • CVE identifier : CVE-2021-28809

  • Affected products: QNAP NAS running HBS 3

Severity

Critical

Status

Resolved


Summary

An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3 (Hybrid Backup Sync). If exploited, this vulnerability allows attackers to compromise the security of the operating system.

We have already fixed this vulnerability in the following versions of HBS 3:

  • HBS 3 v18.0.1012 and later

Recommendation

To fix the vulnerability, we recommend updating HBS 3 to the latest version.

Updating HBS 3

  1. Log on to QTS or QuTS hero as administrator.
  2. Open the App Center and then click the search icon.
    A search box appears.
  3. Type “HBS 3 Hybrid Backup Sync” and then press ENTER.
    HBS 3 appears in the search results.
  4. Click Update.
    A confirmation message appears.
    Note: The Update button is not available if your HBS 3 is already up to date.
  5. Click OK.
    The application is updated.

Acknowledgements: Ta-Lun Yen of TXOne IoT/ICS Security Research Labs of Trend Micro working with Trend Micro’s Zero Day Initiative

Revision History: V1.0 (July 6, 2021) - Published
