QNAP Releases Security Updates Affecting HBS 3 Hybrid Backup Sync

An OS command injection vulnerability that could lead to arbitrary code execution has been patched

Threat ID:: CC-4569
Threat Severity:: Medium
Published:: 1 November 2024 11:02 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

An OS command injection vulnerability that could lead to arbitrary code execution has been patched

Affected platforms

The following platforms are known to be affected:

Versions: all prior to 25.1.1.673

QNAP Hybrid Backup Sync

Threat details

Introduction

QNAP has released a security update that addresses an OS command injection vulnerability affecting HBS 3 Hybrid Backup Sync. HBS 3 Hybrid Backup Sync is a backup and disaster recovery solution for local, remote server, and cloud storage services. If exploited, CVE-2024-50388 could allow a remote attacker to execute arbitrary commands.

Remediation advice

Affected organisations are encouraged to review QNAP security advisory QSA-24-41 and apply the relevant updates.

Definitive source of threat updates

https://www.qnap.com/en/security-advisory/qsa-24-41

CVE Vulnerabilities

Status Reserved

CVE-2024-50388

Last edited: 1 November 2024 11:02 am