An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. If exploited, this vulnerability allows attackers to compromise the security of the operating system.QNAP have already fixed this vulnerability in the following versions of HBS 3: QTS 4.3.6: HBS 3 v3.0.210507 and later QTS 4.3.4: HBS 3 v3.0.210506 and later QTS 4.3.3: HBS 3 v3.0.210506 and later
                
            References
                    | Link | Resource | 
|---|---|
| https://www.qnap.com/en/security-advisory/qsa-21-19 | Vendor Advisory | 
| https://www.zerodayinitiative.com/advisories/ZDI-21-783/ | Third Party Advisory VDB Entry | 
| https://www.qnap.com/en/security-advisory/qsa-21-19 | Vendor Advisory | 
| https://www.zerodayinitiative.com/advisories/ZDI-21-783/ | Third Party Advisory VDB Entry | 
Configurations
                    Configuration 1 (hide)
| AND | 
 
 | 
Configuration 2 (hide)
| AND | 
 
 | 
Configuration 3 (hide)
| AND | 
 
 | 
History
                    21 Nov 2024, 06:00
| Type | Values Removed | Values Added | 
|---|---|---|
| References | () https://www.qnap.com/en/security-advisory/qsa-21-19 - Vendor Advisory | |
| References | () https://www.zerodayinitiative.com/advisories/ZDI-21-783/ - Third Party Advisory, VDB Entry | 
12 Jul 2021, 16:37
| Type | Values Removed | Values Added | 
|---|---|---|
| CVSS | v2 : v3 : | v2 : 10.0 v3 : 9.8 | 
| CPE | cpe:2.3:o:qnap:qts:4.3.3:-:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4:-:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6:-:*:*:*:*:*:* cpe:2.3:a:qnap:hybrid_backup_sync:*:*:*:*:*:*:*:* | |
| References | 
 | |
| References | (MISC) https://www.qnap.com/en/security-advisory/qsa-21-19 - Vendor Advisory | 
08 Jul 2021, 12:14
| Type | Values Removed | Values Added | 
|---|---|---|
| CWE | CWE-306 CWE-749 CWE-284 | 
08 Jul 2021, 08:15
| Type | Values Removed | Values Added | 
|---|---|---|
| New CVE | 
Information
                Published : 2021-07-08 08:15
Updated : 2024-11-21 06:00
NVD link : CVE-2021-28809
Mitre link : CVE-2021-28809
CVE.ORG link : CVE-2021-28809
JSON object : View
Products Affected
                qnap
- qts
- hybrid_backup_sync
