Vulnerability Description
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to v3.0.210412 on QTS 4.3.6; versions prior to v3.0.210411 on QTS 4.3.4; versions prior to v3.0.210411 on QTS 4.3.3; versions prior to v16.0.0419 on QuTS hero h4.5.1; versions prior to v16.0.0419 on QuTScloud c4.5.1~c4.5.4. This issue does not affect: QNAP Systems Inc. HBS 2 . QNAP Systems Inc. HBS 1.3 .
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qnap | Hybrid Backup Sync | < 16.0.0415 |
| Qnap | Qts | 4.5.2 |
| Qnap | Quts Hero | h4.5.1 |
| Qnap | Qutscloud | >= c4.5.1, <= c4.5.4 |
Related Weaknesses (CWE)
References
- https://www.qnap.com/en/security-advisory/QSA-21-13Vendor Advisory
- https://www.qnap.com/en/security-advisory/QSA-21-13Vendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-US Government Resource
FAQ
What is CVE-2021-28799?
CVE-2021-28799 is a vulnerability with a CVSS score of 10.0 (CRITICAL). An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, the vulnerability allows remote attackers to log in to a device. This is...
How severe is CVE-2021-28799?
CVE-2021-28799 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-28799?
Check the references section above for vendor advisories and patch information. Affected products include: Qnap Hybrid Backup Sync, Qnap Qts, Qnap Quts Hero, Qnap Qutscloud.