9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to v3.0.210412 on QTS 4.3.6; versions prior to v3.0.210411 on QTS 4.3.4; versions prior to v3.0.210411 on QTS 4.3.3; versions prior to v16.0.0419 on QuTS hero h4.5.1; versions prior to v16.0.0419 on QuTScloud c4.5.1~c4.5.4. This issue does not affect: QNAP Systems Inc. HBS 2 . QNAP Systems Inc. HBS 1.3 .
Affected (4)
Products: Qnap: Hybrid Backup Sync
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 16.0.0415 |
| Running on/with | Platform Versions |
|---|---|
Qnap Qts | Version 4.5.2 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 3.0.210412 |
| Running on/with | Platform Versions |
|---|---|
Qnap Qts | Version 4.3.6 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 3.0.210411 |
| Running on/with | Platform Versions |
|---|---|
Qnap Qts | Version 4.3.3 |
Configuration D
| Running on/with | Platform Versions |
|---|---|
Qnap Quts Hero | Version h4.5.1 |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 16.0.0419 |
| Running on/with | Platform Versions |
|---|---|
Qnap Qutscloud | From c4.5.1 to c4.5.4 |
References (3)
Source: security@qnapsecurity.com.tw
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource
Timeline
No history available yet.