Security News > 2021 > July > QNAP fixes critical bug in NAS backup, disaster recovery app

QNAP fixes critical bug in NAS backup, disaster recovery app
2021-07-05 18:48

Taiwan-based network-attached storage maker QNAP has addressed a critical security vulnerability enabling attackers to compromise vulnerable NAS devices' security.

The improper access control vulnerability tracked as CVE-2021-28809 was found by Ta-Lun Yen of TXOne IoT/ICS Security Research Labs in HBS 3 Hybrid Backup Sync, QNAP's disaster recovery and data backup solution.

To update HBS on your NAS device, you have to log into QTS or QuTS hero as administrator, search for "HBS 3 Hybrid Backup Sync" in the App Center, and then click Update and OK to update the app.

According to the company, QNAP NAS devices running QTS 4.5.x with HBS 3 v16.

QNAP fixed another critical security vulnerability found in the HBS 3 Hybrid Backup Sync backup and disaster recovery app in April.

Customers who want to secure their NAS devices from incoming attacks are advised to follow these best practices for enhancing NAS security.


News URL

https://www.bleepingcomputer.com/news/security/qnap-fixes-critical-bug-in-nas-backup-disaster-recovery-app/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-07-08 CVE-2021-28809 Unspecified vulnerability in Qnap Hybrid Backup Sync 3.0.210411/3.0.210412/3.0.210506
An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3.
network
low complexity
qnap
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Qnap 80 4 97 122 76 299