Description
An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. If exploited, this vulnerability allows attackers to compromise the security of the operating system.QNAP have already fixed this vulnerability in the following versions of HBS 3: QTS 4.3.6: HBS 3 v3.0.210507 and later QTS 4.3.4: HBS 3 v3.0.210506 and later QTS 4.3.3: HBS 3 v3.0.210506 and later
Affected Software
Related
{"id": "CVE-2021-28809", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-28809", "description": "An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. If exploited, this vulnerability allows attackers to compromise the security of the operating system.QNAP have already fixed this vulnerability in the following versions of HBS 3: QTS 4.3.6: HBS 3 v3.0.210507 and later QTS 4.3.4: HBS 3 v3.0.210506 and later QTS 4.3.3: HBS 3 v3.0.210506 and later", "published": "2021-07-08T08:15:00", "modified": "2021-07-12T16:37:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 10.0}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28809", "reporter": "security@qnap.com", "references": ["https://www.qnap.com/en/security-advisory/qsa-21-19", "https://www.zerodayinitiative.com/advisories/ZDI-21-783/"], "cvelist": ["CVE-2021-28809"], "immutableFields": [], "lastseen": "2022-03-23T16:42:54", "viewCount": 111, "enchantments": {"dependencies": {"references": [{"type": "zdi", "idList": ["ZDI-21-783"]}], "rev": 4}, "score": {"value": 4.3, "vector": "NONE"}, "twitter": {"counter": 2, "modified": "2021-07-09T18:17:22", "tweets": [{"link": "https://twitter.com/threatintelctr/status/1414630833051377670", "text": " NEW: CVE-2021-28809 An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. If exploited, this vulnerability allows attackers to compromise the security of the ope... (click for more) Severity: CRITICAL https://t.co/ITrswUwVW5?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1414630833051377670", "text": " NEW: CVE-2021-28809 An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. If exploited, this vulnerability allows attackers to compromise the security of the ope... (click for more) Severity: CRITICAL https://t.co/ITrswUwVW5?amp=1"}]}, "backreferences": {"references": [{"type": "zdi", "idList": ["ZDI-21-783"]}]}, "exploitation": null, "vulnersScore": 4.3}, "_state": {"dependencies": 1659909890, "score": 1659846169}, "_internal": {"score_hash": "0f2c43f7241065f4367a9086459b8bac"}, "cna_cvss": {"cna": "QNAP Systems, Inc.", "cvss": {"3": {"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "score": 9.8}}}, "cpe": [], "cpe23": [], "cwe": ["CWE-306", "CWE-749", "CWE-284"], "affectedSoftware": [{"cpeName": "qnap:hybrid_backup_sync", "version": "3.0.210507", "operator": "lt", "name": "qnap hybrid backup sync"}, {"cpeName": "qnap:hybrid_backup_sync", "version": "3.0.210506", "operator": "lt", "name": "qnap hybrid backup sync"}, {"cpeName": "qnap:hybrid_backup_sync", "version": "3.0.210506", "operator": "lt", "name": "qnap hybrid backup sync"}], "affectedConfiguration": [{"name": "qnap qts", "cpeName": "qnap:qts", "version": "4.3.6", "operator": "eq"}, {"name": "qnap qts", "cpeName": "qnap:qts", "version": "4.3.4", "operator": "eq"}, {"name": "qnap qts", "cpeName": "qnap:qts", "version": "4.3.3", "operator": "eq"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:qnap:hybrid_backup_sync:3.0.210507:*:*:*:*:*:*:*", "versionEndExcluding": "3.0.210507", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:o:qnap:qts:4.3.6:-:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:qnap:hybrid_backup_sync:3.0.210506:*:*:*:*:*:*:*", "versionEndExcluding": "3.0.210506", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:o:qnap:qts:4.3.4:-:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:qnap:hybrid_backup_sync:3.0.210506:*:*:*:*:*:*:*", "versionEndExcluding": "3.0.210506", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:o:qnap:qts:4.3.3:-:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}]}, "extraReferences": [{"url": "https://www.qnap.com/en/security-advisory/qsa-21-19", "name": "https://www.qnap.com/en/security-advisory/qsa-21-19", "refsource": "MISC", "tags": ["Vendor Advisory"]}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-783/", "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-783/", "refsource": "MISC", "tags": ["Third Party Advisory", "VDB Entry"]}]}
{"zdi": [{"lastseen": "2022-01-31T22:20:36", "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP NAS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RTSS server, which listens on TCP port 8899 by default. The issue results from the lack of authentication prior to allowing alterations to the system configuration. An attacker can leverage this vulnerability to execute arbitrary code in the context of the Administrator.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-08T00:00:00", "type": "zdi", "title": "QNAP NAS Hybrid Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28809"], "modified": "2021-07-08T00:00:00", "id": "ZDI-21-783", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-783/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
CVE-2021-28809
