Summary: QNAP has addressed six critical vulnerabilities in its HBS 3 Hybrid Backup Sync software that could allow attackers to execute remote code on unpatched NAS devices. These vulnerabilities, identified as CVE-2024-12084 through CVE-2024-12747, can be exploited by attackers with anonymous read access to the vulnerable servers. Users are urged to update their software to the latest version to mitigate potential risks.
Threat Actor: Unknown | unknown
Victim: QNAP NAS users | QNAP NAS users
Keypoints :
- Six vulnerabilities in rsync could lead to remote code execution on unpatched NAS devices.
- Exploitation requires only anonymous read access to the vulnerable servers.
- QNAP has released a security advisory and an update to address these vulnerabilities.