QuTScloud

QuTScloud is the operating system for QNAP Cloud NAS virtual appliances. With the possibility of on-premises and cloud deployment, QuTScloud enables optimized cloud data usage and flexible resource allocation at a predictable monthly cost.

System
Applications

QES

QES is the operating system for dual-controller QNAP NAS models. With FreeBSD and ZFS, QES is flash-optimized, capable of driving outstanding performance for all-flash storage arrays.

System
Product
Resources

QNE Network

QNE Network is the operating system for QuCPE, QNAP's universal customer premises equipment series. Run virtual network functions, freely configure software-defined networks, and enjoy benefits such as lowered costs and reduced management efforts.

System
Applications

QSS

QNAP Switch System (QSS) is the configuration interface for QNAP's managed switch series. Enable management functions such as link aggregation, VLAN, and RSTP, to take care of your network topology with ease.

System

QuRouter

QNAP’s QuRouter OS simplifies managing high-speed and high-coverage LAN/WAN. With NAT, VPN, security, and QuWAN SD-WAN, network management is made easier and remote connections more secure.

System
Applications

QVR Surveillancee

QVR Surveillance is QNAP’s network video recorder software solution. It offers subscription-based QVR Elite and perpetual QVR Pro, and can be used with a series of apps, such as face recognition and door access control for a wider range of scenarios.

System
Applications
Resources

QVR Face

QVR Face is a smart facial recognition solution featuring real-time live streaming video analytics from connected cameras. It can be integrated into multiple scenarios to provide intelligent attendance management, door access control management, VIP welcome systems and smart retail services.

System
Applications
Resources

KoiMeeter

QNAP smart video solutions provides integrated intelligent packages such as video conferencing and smart retail, boosting productivity for individuals and businesses.

Video Conferencing
Smart Retail

Security ID : QSA-21-13

Improper Authorization Vulnerability in HBS 3 (Hybrid Backup Sync)


  • Release date : April 22, 2021

  • CVE identifier : CVE-2021-28799

  • Affected products: QNAP NAS running HBS 3

Severity

Critical

Status

Resolved


Summary

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. )

If exploited, the vulnerability allows remote attackers to log in to a device.

We have already fixed this vulnerability in the following versions of HBS 3:

  • QTS 4.5.2: HBS 3 v16.0.0415 and later
  • QTS 4.3.6: HBS 3 v3.0.210412 and later
  • QTS 4.3.3 and 4.3.4: HBS 3 v3.0.210411 and later
  • QuTS hero h4.5.1: HBS 3 v16.0.0419 and later
  • QuTScloud c4.5.1~c4.5.4: HBS 3 v16.0.0419 and later

QNAP NAS running HBS 2 and HBS 1.3 are not affected.

Recommendation

To fix the vulnerability, we recommend updating HBS 3 to the latest version.

Updating HBS 3

  1. Log on to QTS or QuTS hero as administrator.
  2. Open the App Center and then click .
    A search box appears.
  3. Type “HBS 3 Hybrid Backup Sync” and then press ENTER.
    HBS 3 appears in the search results.
  4. Click Update.
    A confirmation message appears.
    Note: The Update button is not available if your HBS 3 is already up to date.
  5. Click OK.
    The application is updated.

Acknowledgements: ZUSO ART

Revision History:
V3.0 (May 1, 2021) - Support QTS 4.3.4 and 4.3.3
V2.0 (April 23, 2021) - Revise Acknowledgements
V1.0 (April 22, 2021) - Published

Choose specification

      Show more Less

      Choose Your Country or Region

      open menu
      back to top