QNAP says it has fixed several major vulnerabilities in NAS backup, recovery app
Posted by:
Olivia Smith
QNAP has recently patched six vulnerabilities found in its Hybrid Backup Sync (HBS) software, identified in the rsync tool. Rsync is an open-source file synchronization tool widely used for transferring and synchronizing files across systems. The vulnerabilities could potentially lead to arbitrary code execution on unpatched Network Attached Storage (NAS) devices. The affected versions are HBS 3 Hybrid Backup Sync 25.1.x, and users are strongly urged to update to version 25.1.4.952 immediately to safeguard their systems. Attackers could exploit these flaws with only anonymous read access, making it crucial for administrators to take prompt action. It is recommended to log in as an admin, access the App Center, search for HBS 3 Hybrid Backup Sync, and proceed with the update process. As highlighted by CERT/CC, the vulnerabilities could allow attackers to execute malicious code on devices running an Rsync server, posing a serious security risk to connected clients. Furthermore, over 700,000 IP addresses are currently exposed due to rsync servers, although the extent of exploitability remains uncertain. Stay informed on cybersecurity news by visiting BleepingComputer for the latest reports.
Recent Posts1
