QNAP has released a security advisory to address a critical vulnerability (CVE-2021-28809) for its NAS running Hybrid Backup Sync 3 (HBS 3), a disaster recovery and data backup solution.
Successful exploitation of the vulnerability could allow an unauthenticated attacker to escalate privileges, perform remote code execution, or access data on the NAS. An attacker could also reset the NAS to factory mode, which would wipe all data from the devices.
Administrators and users are advised to update their HBS 3 firmware to the latest versions immediately.
- QTS 4.3.6: HBS 3 v3.0.210507 and later
- QTS 4.3.4: HBS 3 v3.0.210506 and later
- QTS 4.3.3: HBS 3 v3.0.210506 and later
Note: QNAP NAS running QTS 4.5.x with HBS 3 v16.x are not affected.
More information is available here: