Summary
QNAP security updates address a vulnerability with a severity of “critical” in HBS 3 Hybrid Backup Sync. This vulnerability, if exploited, could allow a remote attacker to execute arbitrary code.
Risk
Vulnerability community impact estimate: HIGH/ORANGE (66.41/100)1.
Type
- Remote Code Execution
Affected products and versions
HBS 3 Hybrid Backup Sync
- 25.1.x, versions prior to 25.1.1.673
Mitigation actions
In line with vendor statements, it is recommended to update affected products by following the guidance in the security bulletin available in the References section.
Unique Vulnerability Identifiers
References
https://www.qnap.com/en/security-advisory/qsa-24-41
1This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.