Skip to main content

QNAP NAS Security Restriction Bypass Vulnerability

Release Date: 9 Jul 2021 5545 Views

RISK: High Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

A vulnerability was identified in QNAP NAS, a remote attacker could exploit this vulnerability to trigger security restriction bypass, sensitive information disclosure and tampering on the targeted system.


Impact

  • Security Restriction Bypass
  • Information Disclosure
  • Data Manipulation

System / Technologies affected

  • QNAP NAS running HBS 3
  • Note: QTS 4.5.x with HBS 3 v16.x is not affected

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

  • QTS 4.3.6: HBS 3 v3.0.210507 and later
  • QTS 4.3.4: HBS 3 v3.0.210506 and later
  • QTS 4.3.3: HBS 3 v3.0.210506 and later

Vulnerability Identifier


Source


Related Link

https://www.qnap.com/en-us/security-advisory/QSA-21-19