CVE-2021-28799

🗓️ 13 May 2021 02:55:13Reported by qnapType

cve🔗 web.nvd.nist.gov📰️ 9 Media mentions👁 1127 Views

CVE-2021-28799: Improper authorization vulnerability in QNAP NAS HBS

Reporter	Title	Published	Views	Family All 22
ATTACKERKB	CVE-2021-28799	22 Apr 202100:00	–	attackerkb
BDU FSTEC	The vulnerability of the HBS 3 (Hybrid Backup Sync) backup and disaster recovery application for QTS operating systems, related to access control deficiencies, allows attackers to escalate their privileges.	21 Oct 202100:00	–	bdu_fstec
Circl	CVE-2021-28799	23 May 202116:44	–	circl
CISA KEV Catalog	QNAP NAS Improper Authorization Vulnerability	31 Mar 202200:00	–	cisa_kev
CNNVD	QNAP Systems HBS 3 安全漏洞	23 Apr 202100:00	–	cnnvd
CNVD	Qnap Systems QNAP HBS 3 Authorization Issues Vulnerability	26 Apr 202100:00	–	cnvd
Check Point Advisories	QNAP NAS Command Injection (CVE-2021-28799)	10 Apr 202200:00	–	checkpoint_advisories
Cvelist	CVE-2021-28799 Improper Authorization Vulnerability in HBS 3 (Hybrid Backup Sync)	13 May 202102:55	–	cvelist
Malwarebytes	5 Linux malware families SMBs should protect themselves against	8 Jun 202213:43	–	malwarebytes
Nuclei	QNAP HBS 3 - Broken Access Control	17 Jun 202605:14	–	nuclei

NVD

Node

qnap hybrid_backup_syncRange<16.0.0415

AND

qnap qtsMatch4.5.2

Node

qnap hybrid_backup_syncRange<3.0.210412

AND

qnap qtsMatch4.3.6

Node

qnap hybrid_backup_syncRange<3.0.210411

AND

qnap qtsMatch4.3.3

qnap qtsMatch4.3.4

Node

qnap hybrid_backup_syncRange<16.0.0419

AND

qnap quts_heroMatchh4.5.1

Node

qnap hybrid_backup_syncRange<16.0.0419

AND

qnap qutscloudRangec4.5.1–c4.5.4

[
  {
    "platforms": [
      "QTS 4.5.2"
    ],
    "product": "HBS 3",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "v16.0.0415",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "QTS 4.3.6"
    ],
    "product": "HBS 3",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "v3.0.210412",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "QTS 4.3.4"
    ],
    "product": "HBS 3",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "v3.0.210411",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "QTS 4.3.3"
    ],
    "product": "HBS 3",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "v3.0.210411",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "QuTS hero h4.5.1"
    ],
    "product": "HBS 3",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "v16.0.0419",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "QuTScloud c4.5.1~c4.5.4"
    ],
    "product": "HBS 3",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "v16.0.0419",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "HBS 2",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "status": "unaffected",
        "version": "all versions"
      }
    ]
  },
  {
    "product": "HBS 1.3",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "status": "unaffected",
        "version": "all versions"
      }
    ]
  }
]

Source	Link
qnap	www.qnap.com/en/security-advisory/QSA-21-13
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog

17 Jun 2026 03:46Current

9.4High risk

Vulners AI Score9.4

CVSS 27.5

CVSS 3.19.8 - 10

EPSS0.78395

SSVC