CVE-2021-28799 PoC — QNAP Systems HBS 3 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-28799.yaml

Associated Vulnerability

Title:QNAP Systems HBS 3 安全漏洞 (CVE-2021-28799)
Description:QNAP Systems HBS 3是中国威联通科技（QNAP Systems）公司的一个应用系统。一种全面的数据备份和灾难恢复解决方案。 QNAP Systems HBS 3 Hybrid Backup Sync 存在安全漏洞，该漏洞源于没有充分的授权检查。攻击者可利用该漏洞可以绕过授权检查，直接登录设备。

Description

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to v3.0.210412 on QTS 4.3.6; versions prior to v3.0.210411 on QTS 4.3.4; versions prior to v3.0.210411 on QTS 4.3.3; versions prior to v16.0.0419 on QuTS hero h4.5.1; versions prior to v16.0.0419 on QuTScloud c4.5.1~c4.5.4. This issue does not affect: QNAP Systems Inc. HBS 2 . QNAP Systems Inc. HBS 1.3 .

File Snapshot


 id: CVE-2021-28799

info:
  name: QNAP HBS 3 - Broken Access Control
  author: daffainfo
  severity:

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!