9 matches found
QNAP QTS / QuTS hero Improper Authorization Vulnerability in HBS 3 (QSA-21-13)
The version of QNAP QTS or QuTS hero on the remote host is affected by an improper authorization vulnerability when running HBS 3 Hybrid Backup Sync. If exploited, the vulnerability allows remote attackers to log in to a device. Note that Nessus has not tested for this issue but has instead relie...
QNAP NAS Command Injection (CVE-2021-28799)
A command injection vulnerability exists in QNAP NAS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
QNAP: Get NAS Devices Off the Internet Now
Get your internet-exposed, network-attached storage NAS devices off the internet now, Taiwanese manufacturer QNAP warns: Ransomware and brute-force attacks are widely targeting all network devices. “The most vulnerable victims will be those devices exposed to the Internet without any protection,”...
eCh0raix Ransomware Variant Targets QNAP, Synology NAS Devices
Operators of the nearly-year-old eCh0raix ransomware strain that’s been used to target QNAP and Synology network-attached storage NAS devices in past, separate campaigns have, gotten more efficient. According to researchers, both have put out a new variant that can target either vendors’ devices ...
CVE-2021-28799
creationtimestamp| type| source ---|---|--- 2021-05-23 16:44:35+00:00| exploited| https://t.me/CyberGovIL/1261 2021-08-10 15:25:39+00:00| seen| MISP/bb8198c3-2aee-4d3c-8b0f-e341fd1c7f0b 2021-08-11 06:06:59+00:00| seen| MISP/fad396ea-c38c-4e15-a3e2-134eac72edc3 2021-10-25 22:32:43+00:00| seen|...
CVE-2021-28799 Improper Authorization Vulnerability in HBS 3 (Hybrid Backup Sync)
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 Hybrid Backup Sync. If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to...
CVE-2021-28799
CVE-2021-28799 is an improper authorization vulnerability affecting QNAP HBS 3 on various QTS/QuTS versions. The flaw allows remote attackers to log in to affected devices. Affected: HBS 3 on QTS 4.5.2 (prior to v16.0.0415); QTS 4.3.6 (prior to v3.0.210412); QTS 4.3.4 (prior to v3.0.210411); QTS ...
VulnCheck KEV: CVE-2021-28799
QNAP NAS running HBS 3 contains an improper authorization vulnerability which can allow remote attackers to log in to a device...
New QNAP NAS Flaws Exploited In Recent Ransomware Attacks - Patch It!
A new ransomware strain called "Qlocker" is targeting QNAP network attached storage NAS devices as part of an ongoing campaign and encrypting files in password-protected 7zip archives. First reports of the infections emerged on April 20, with the adversaries behind the operations demanding a...