CVE-2021-28799

KEV
Published: Mag 13, 2021 Last Modified: Nov 03, 2025
ExploitDB:
Other exploit source:
Google Dorks:
CRITICAL 10,0
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: changed
Confidentiality: high
Integrity: high
Availability: high
HIGH 7,5
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial

Description

AI Translation Available

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to v3.0.210412 on QTS 4.3.6; versions prior to v3.0.210411 on QTS 4.3.4; versions prior to v3.0.210411 on QTS 4.3.3; versions prior to v16.0.0419 on QuTS hero h4.5.1; versions prior to v16.0.0419 on QuTScloud c4.5.1~c4.5.4. This issue does not affect: QNAP Systems Inc. HBS 2 . QNAP Systems Inc. HBS 1.3 .

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,9090
Percentile
1,0th
Updated

EPSS Score Trend (Last 90 Days)

285

Improper Authorization

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Access Control
Potential Impacts:
Read Application Data Read Files Or Directories Modify Application Data Modify Files Or Directories Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies: Database Server, Not Technology-Specific, Web Server
Likelihood of Exploit: High
View CWE Details
Application

Hybrid Backup Sync by Qnap

Product Information
Vendor Qnap
Product Hybrid Backup Sync
Version Range Affected
To 3.0.210411 (exclusive)
cpe:2.3:a:qnap:hybrid_backup_sync:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Hybrid Backup Sync by Qnap

Product Information
Vendor Qnap
Product Hybrid Backup Sync
Version Range Affected
To 16.0.0415 (exclusive)
cpe:2.3:a:qnap:hybrid_backup_sync:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Hybrid Backup Sync by Qnap

Product Information
Vendor Qnap
Product Hybrid Backup Sync
Version Range Affected
To 16.0.0419 (exclusive)
cpe:2.3:a:qnap:hybrid_backup_sync:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Hybrid Backup Sync by Qnap

Product Information
Vendor Qnap
Product Hybrid Backup Sync
Version Range Affected
To 3.0.210412 (exclusive)
cpe:2.3:a:qnap:hybrid_backup_sync:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.cisa.gov/known-exploited-vulnerabilities-catalo…
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021…
https://www.qnap.com/en/security-advisory/QSA-21-13
https://www.qnap.com/en/security-advisory/QSA-21-13
https://www.qnap.com/en/security-advisory/QSA-21-13
https://www.qnap.com/en/security-advisory/QSA-21-13