Rewterz Threat Advisory –CVE-2021-28809 – QNAP Improper Access Control Vulnerability
An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3 (Hybrid Backup Sync). If exploited, this vulnerability allows attackers to compromise the security of the operating system.
QTS 4.3.6 HBS 3 v3.0.210507 and later
QTS 4.3.4 HBS 3 v3.0.210506
QTS 4.3.3 HBS 3 v3.0.210506
Log on to QTS or QuTS hero as administrator.
Open the App Center and then click . A search box appears.
Type “HBS 3 Hybrid Backup Sync” and then press ENTER. HBS 3 appears in the search results.
Click Update. A confirmation message appears. Note: The Update button is not available if your HBS 3 is already up to date.