QNAP fixes critical bug in NAS backup, disaster recovery app
Taiwan-based network-attached storage maker QNAP has addressed a critical security vulnerability that enables attackers to compromise the security of vulnerable NAS devices.
The improper access control vulnerability tracked as CVE-2021-28809 was found by Ta-Lun Yen of TXOne IoT/ICS Security Research Labs in HBS 3 Hybrid Backup Sync, QNAP's disaster recovery and data backup solution.
To update HBS on your NAS device, you have to log into QTS or QuTS hero as administrator, search for "HBS 3 Hybrid Backup Sync" in the App Center, and then click Update and OK to update the app.
According to the company, QNAP NAS devices running QTS 4.5.x with HBS 3 v16.
QNAP fixed another critical security vulnerability found in the HBS 3 Hybrid Backup Sync backup and disaster recovery app in April.
Customers who want to secure their NAS devices from incoming attacks are advised to follow these best practices for enhancing NAS security.
Related news
- QNAP fixes NAS backup software zero-day exploited at Pwn2Own (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- D-Link won’t fix critical flaw affecting 60,000 older NAS devices (source)
- Critical bug in EoL D-Link NAS devices now exploited in attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-08 | CVE-2021-28809 | Missing Authentication for Critical Function vulnerability in Qnap Hybrid Backup Sync 3.0.210411/3.0.210412: An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. | 10.0 |