Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-28799
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Improper Authorization Vulnerability in HBS 3 (Hybrid Backup Sync)
Source: NVD (National Vulnerability Database)
Vulnerability Description
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to v3.0.210412 on QTS 4.3.6; versions prior to v3.0.210411 on QTS 4.3.4; versions prior to v3.0.210411 on QTS 4.3.3; versions prior to v16.0.0419 on QuTS hero h4.5.1; versions prior to v16.0.0419 on QuTScloud c4.5.1~c4.5.4. This issue does not affect: QNAP Systems Inc. HBS 2 . QNAP Systems Inc. HBS 1.3 .
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
QNAP Systems HBS 3 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
QNAP Systems HBS 3是中国威联通科技(QNAP Systems)公司的一个应用系统。一种全面的数据备份和灾难恢复解决方案。 QNAP Systems HBS 3 Hybrid Backup Sync 存在安全漏洞,该漏洞源于没有充分的授权检查。攻击者可利用该漏洞可以绕过授权检查,直接登录设备。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
QNAP Systems Inc.HBS 3 unspecified ~ v16.0.0415 -
QNAP Systems Inc.HBS 3 unspecified ~ v3.0.210412 -
QNAP Systems Inc.HBS 3 unspecified ~ v3.0.210411 -
QNAP Systems Inc.HBS 3 unspecified ~ v3.0.210411 -
QNAP Systems Inc.HBS 3 unspecified ~ v16.0.0419 -
QNAP Systems Inc.HBS 3 unspecified ~ v16.0.0419 -
QNAP Systems Inc.HBS 2 all versions -
QNAP Systems Inc.HBS 1.3 all versions -
II. Public POCs for CVE-2021-28799
#POC DescriptionSource LinkShenlong Link
1An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to v3.0.210412 on QTS 4.3.6; versions prior to v3.0.210411 on QTS 4.3.4; versions prior to v3.0.210411 on QTS 4.3.3; versions prior to v16.0.0419 on QuTS hero h4.5.1; versions prior to v16.0.0419 on QuTScloud c4.5.1~c4.5.4. This issue does not affect: QNAP Systems Inc. HBS 2 . QNAP Systems Inc. HBS 1.3 . https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-28799.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2021-28799
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: HBS 3
Same vendor: QNAP Systems Inc.
Same weakness: CWE-285
V. Comments for CVE-2021-28799

No comments yet

Leave a comment