CVE-2021-28809

CWE-284Improper Access ControlCWE-306Missing AuthenticationCWE-7493 documents3 sources
Severity
9.8CRITICAL
EPSS
0.6%
top 31.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems Inc. HBS 3Qnap Hybrid Backup Sync
Timeline
PublishedJul 8
Latest updateMay 24

Description

An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. If exploited, this vulnerability allows attackers to compromise the security of the operating system.QNAP have already fixed this vulnerability in the following versions of HBS 3: QTS 4.3.6: HBS 3 v3.0.210507 and later QTS 4.3.4: HBS 3 v3.0.210506 and later QTS 4.3.3: HBS 3 v3.0.210506 and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5qnap_systems_inc./hbs_3unspecifiedv3.0.210507+1
NVDqnap/hybrid_backup_sync< 3.0.210507+1

🔴Vulnerability Details

2
GHSA
GHSA-fwr8-wff7-fmxw: An improper access control vulnerability has been reported to affect certain legacy versions of HBS 32022-05-24
CVEList
Missing Authentication for Critical Function in RTRR Server in HBS32021-07-08
CVE-2021-28809 (CRITICAL CVSS 9.8) | An improper access control vulnerab | cvebase.io