Severity

High

Analysis Summary

CVE-2021-28809

An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3 (Hybrid Backup Sync). If exploited, this vulnerability allows attackers to compromise the security of the operating system.

Impact

• Unauthorized Access

Affected Vendors

QNAP

Affected Products

• QTS 4.3.6 HBS 3 v3.0.210507 and later
• QTS 4.3.4 HBS 3 v3.0.210506
• QTS 4.3.3 HBS 3 v3.0.210506

Remediation

1. Log on to QTS or QuTS hero as administrator.
2. Open the App Center and then click .
   A search box appears.
3. Type “HBS 3 Hybrid Backup Sync” and then press ENTER.
   HBS 3 appears in the search results.
4. Click Update.
   A confirmation message appears.
   Note: The Update button is not available if your HBS 3 is already up to date.
5. Click OK.