An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2;
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to v3.0.210412 on QTS 4.3.6; versions prior to v3.0.210411 on QTS 4.3.4; versions prior to v3.0.210411…
| Vendor | Product | Versions |
|---|---|---|
| QNAP Systems Inc. | HBS 3 | unspecified |
| QNAP Systems Inc. | HBS 3 | unspecified |
| QNAP Systems Inc. | HBS 3 | unspecified |
| QNAP Systems Inc. | HBS 3 | unspecified |
| QNAP Systems Inc. | HBS 3 | unspecified |
| QNAP Systems Inc. | HBS 3 | unspecified |
| QNAP Systems Inc. | HBS 2 | all versions |
| QNAP Systems Inc. | HBS 1.3 | all versions |
Yes — actively exploited. Added to the CISA KEV catalog on 2022-03-31. Ransomware use: Known.
For the full vendor write-up, exploit chains, and reference implementations, see the references list in section 09.
Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection in your stack of choice:
No directly-cited follow-up CVEs in the KB record for this advisory. The references list in section 09 carries the vendor cross-references.