QNAP fixes critical bug in NAS backup, disaster recovery app
2021-07-05 18:48

Taiwan-based network-attached storage maker QNAP has addressed a critical security vulnerability that enables attackers to compromise the security of vulnerable NAS devices.

The improper access control vulnerability tracked as CVE-2021-28809 was found by Ta-Lun Yen of TXOne IoT/ICS Security Research Labs in HBS 3 Hybrid Backup Sync, QNAP's disaster recovery and data backup solution.

To update HBS on your NAS device, you have to log into QTS or QuTS hero as administrator, search for "HBS 3 Hybrid Backup Sync" in the App Center, and then click Update and OK to update the app.

According to the company, QNAP NAS devices running QTS 4.5.x with HBS 3 v16.

QNAP fixed another critical security vulnerability found in the HBS 3 Hybrid Backup Sync backup and disaster recovery app in April.

Customers who want to secure their NAS devices from incoming attacks are advised to follow these best practices for enhancing NAS security.


News URL

https://www.bleepingcomputer.com/news/security/qnap-fixes-critical-bug-in-nas-backup-disaster-recovery-app/

Related Vulnerability

DATE: 2021-07-08
CVE: CVE-2021-28809
VULNERABILITY TITLE: Missing Authentication for Critical Function vulnerability in Qnap Hybrid Backup Sync 3.0.210411/3.0.210412
An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3.
network, low complexity, qnap, CWE-306
RISK: critical, 10.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Qnap 93 15 113 112 32 272