Qnap closes NAS security gap from hacker competition

NAS models from Qnap with the backup software HBS 3 Hybrid Backup Sync are vulnerable. A new version closes a critical vulnerability.

Attackers can exploit a "critical" vulnerability in HBS 3 Hybrid Backup Sync and gain admin rights on Qnap NAS devices. The developers have now closed the vulnerability.

The backup software was successfully attacked by a participant at the Pwn2Own Ireland 2024 hacker competition. As the organizer Trend Micro announced on X, the attack was based on a command injection bug (CVE-2024-50388). This earned the participant prize money of 10,000 US dollars.

So far, there are no details on how such an attack could work. As can be seen from a warning message, the manufacturer reacted relatively quickly and closed the gap.

Anyone who owns a Qnap NAS should ensure that HBS 3 Hybrid Backup Sync version 25.1.1.673 is installed in the App Center.

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.