Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in QNAP Network Attached Storage (NAS)
Alerts

Critical Vulnerability in QNAP Network Attached Storage (NAS)

6 July 2021

QNAP has released a security advisory to address a critical vulnerability (CVE-2021-28809) for its NAS running Hybrid Backup Sync 3 (HBS 3), a disaster recovery and data backup solution.

Successful exploitation of the vulnerability could allow an unauthenticated attacker to escalate privileges, perform remote code execution, or access data on the NAS. An attacker could also reset the NAS to factory mode, which would wipe all data from the devices.

Administrators and users are advised to update their HBS 3 firmware to the latest versions immediately.

  • QTS 4.3.6: HBS 3 v3.0.210507 and later

  • QTS 4.3.4: HBS 3 v3.0.210506 and later

  • QTS 4.3.3: HBS 3 v3.0.210506 and later

Note: QNAP NAS running QTS 4.5.x with HBS 3 v16.x are not affected.

More information is available here:
https://www.qnap.com/en-us/security-advisory/QSA-21-19

Back to top