An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2;
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to v3.0.210412 on QTS 4.3.6; versions prior to v3.0.210411 on QTS 4.3.4; versions prior to v3.0.210411…
Apply updates per vendor instructions.
This vulnerability is currently on the CISA KEV list, which CISA only adds CVEs to when there is reliable evidence of active exploitation in the wild. For federal civilian agencies, BOD 22-01 requires remediation by the due date above. For everyone else, KEV is the strongest "patch immediately" signal you can get from public threat intel.
| Vendor | Product | Versions |
|---|---|---|
| QNAP Systems Inc. | HBS 3 | unspecified |
| QNAP Systems Inc. | HBS 3 | unspecified |
| QNAP Systems Inc. | HBS 3 | unspecified |
| QNAP Systems Inc. | HBS 3 | unspecified |
| QNAP Systems Inc. | HBS 3 | unspecified |
| QNAP Systems Inc. | HBS 3 | unspecified |
| QNAP Systems Inc. | HBS 2 | all versions |
| QNAP Systems Inc. | HBS 1.3 | all versions |
Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection: