vulnerability
QNAP QTS: CVE-2021-28799: Improper Authorization
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | May 13, 2021 | Jul 17, 2025 | Nov 21, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
May 13, 2021
Added
Jul 17, 2025
Modified
Nov 21, 2025
Description
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to v3.0.210412 on QTS 4.3.6; versions prior to v3.0.210411 on QTS 4.3.4; versions prior to v3.0.210411 on QTS 4.3.3; versions prior to v16.0.0419 on QuTS hero h4.5.1; versions prior to v16.0.0419 on QuTScloud c4.5.1~c4.5.4. This issue does not affect: QNAP Systems Inc. HBS 2 . QNAP Systems Inc. HBS 1.3 .
Solution
qnap-qts-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.