Anyone who owns a NAS from Qnap and uses the Hybrid Backup Sync (HBS 3) app should update the system for security reasons. Otherwise, attackers could compromise devices after successful attacks.
Unauthorized access to systems is conceivable due to insufficient control. How attacks could take place in detail does not currently run Qnap in a security warning.
To prevent attacks on thecritical“Classified vulnerability (CVE-2021-28809), Qnap has released the following QTS operating system versions with secured HBS-3 editions.
- QTS 4.3.6: HBS 3 v3.0.210507
- QTS 4.3.4: HBS 3 v3.0.210506
- QTS 4.3.3: HBS 3 v3.0.210506
Qnap states that NAS systems with QTS 4.5.x HBS 3 v16.x are not at risk. Admins can install the repaired HBS-3 versions through the App Center.
In May 2021, an HBS-3 vulnerability (CVE-2021-28799) made headlines through which the Qlocker extortion trojan sneaked onto devices.