安全ID : QSA-21-19
Improper Access Control Vulnerability in Legacy HBS 3 (Hybrid Backup Sync)
发布日期 : July 6, 2021
通用漏洞披露 : CVE-2021-28809
受影响产品: QNAP NAS running HBS 3
严重程度
严重
状态
已解决
Summary
An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3 (Hybrid Backup Sync). If exploited, this vulnerability allows attackers to compromise the security of the operating system.
We have already fixed this vulnerability in the following versions of HBS 3:
- HBS 3 v18.0.1012 and later
Recommendation
To fix the vulnerability, we recommend updating HBS 3 to the latest version.
Updating HBS 3
- Log on to QTS or QuTS hero as administrator.
- Open the App Center and then click
.
A search box appears. - Type “HBS 3 Hybrid Backup Sync” and then press ENTER.
HBS 3 appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your HBS 3 is already up to date. - Click OK.
The application is updated.
致谢: Ta-Lun Yen of TXOne IoT/ICS Security Research Labs of Trend Micro working with Trend Micro’s Zero Day Initiative
修订历史: V1.0 (July 6, 2021) - Published
