Threat Encyclopedia



This indicates an attack attempt to exploit an Authentication Bypass Vulnerability in QNAP NAS running HBS 3 (Hybrid Backup Sync).
The vulnerability is due to a hard-coded session ID. A remote, unauthenticated attacker can exploit this by sending a crafted HTTP request to the target server. Successful exploitation of this vulnerability could lead to arbitrary command execution within the context of the application.

affected-products-logoAffected Products

This issue affects: QNAP Systems Inc. HBS 3 versions prior to:
QTS 4.5.2: HBS 3 v16.0.0415
QTS 4.3.6: HBS 3 v3.0.210412
QTS 4.3.3 and 4.3.4: HBS 3 v3.0.210411
QuTS hero h4.5.1: HBS 3 v16.0.0419
QuTScloud c4.5.1~c4.5.4: HBS 3 v16.0.0419


System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.

CVE References