Get all your news in one place.

100’s of premium titles.
One app.

Get all your news in one place.

100’s of premium titles. One news app.

TechRadar

Sead Fadilpašić

QNAP patches worrying NAS security flaw, so update now

QNAP

An abstract image of a lock against a digital background, denoting cybersecurity.

Top NAS device manufacturer QNAP has fixed a high-severity vulnerability which allowed threat actors to execute arbitrary commands on target endpoints.

This zero-day flaw was described as an OS command injection weakness, plaguing the company’s disaster recovery and data backup solution called HBS 3 Hybrid Backup Sync. Versions 25.1.x were said to be vulnerable.

The bug is tracked as CVE-2024-50388, and is yet to be given a severity score.

"An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands," the company said in a follow-up security advisory.

Pwn2Own

If your organization is using these devices, make sure to upgrade to the latest version as soon as possible - to protect against potential compromise, make sure to get your HBS 3 Backup Sync to versions 25.1.1.673, or newer.

Updating can be done through the NAS device, by logging into QTS or QuTS hero as admin, navigating to the App Center, navigating to “HBS 3 Hybrid Backup Sync”, and looking for the “Update” button. If it’s not available, that means the tool is up to date.

The vulnerability was first discovered during the Pwn2Own Ireland 2024 hackathon, when two Viettel Cyber Security researchers, Ha The Long, and Ha Anh Hoang, used it to execute arbitrary code and gain admin privileges on a TS-464 NAS device. The team ended up winning the hackathon.

QNAP is one of the world’s most popular manufacturers of NAS devices, and as such is a major target for cybercriminals. NAS devices are often used to store sensitive personal files which, if stolen, can be used as leverage in an extortion attempt. QNAP often releases patches to address different vulnerabilities, and it would be wise to keep these instances updated at all times.

Via BleepingComputer

More from TechRadar Pro

QNAP warns its NAS devices are facing a critical security flaw — but a patch is available, so update now
We've tested the best NAS hard drives around
These are the best endpoint protection tools right now

Sign up to read this article

Read news from 100’s of titles, curated specifically for you.

Already a member? Sign in here

Top stories on inkl right now

Wes Streeting defends tuition fee increase as ‘proportionate and reasonable’

Wes Streeting defends tuition fee increase as ‘proportionate and reasonable’

Health Secretary Mr Streeting, a former president of the National Union of Students, said he would still go to university even with the fee rise.

The Independent UK

Musk-linked Pac accused of targeting Jewish and Arab Americans in swing states

Musk-linked Pac accused of targeting Jewish and Arab Americans in swing states

Future Coalition Pac accused of sending the two groups very different messages about Harris’s position on Gaza

The Guardian - US

Man arrested after federal officials say he sought to destroy Nashville power site

Man arrested after federal officials say he sought to destroy Nashville power site

The Department of Justice says federal agents have arrested a Tennessee man who they say was trying to destroy a Nashville electrical substation

The Independent UK

Trump calls Harris a ‘disaster’ as he concludes final day of campaigning

Trump calls Harris a ‘disaster’ as he concludes final day of campaigning

In his last appeal in Grand Rapids, former president claims people believe God ‘saved me in order to save America’.

One subscription that gives you access to news from hundreds of sites

Already a member? Sign in here

Tropical Storm Rafael Expected To Strengthen Into Hurricane

Tropical Storm Rafael Expected To Strengthen Into Hurricane

Tropical Storm Rafael intensifying into a hurricane, posing threats to the Caribbean and Florida with heavy rainfall, damaging winds, and storm surges.

Who’s who in the Conservative shadow cabinet

Who’s who in the Conservative shadow cabinet

Kemi Badenoch’s new front bench team will hold its first meeting on Tuesday.

The Independent UK

Related Stories

Top stories on inkl right now

Wes Streeting defends tuition fee increase as ‘proportionate and reasonable’

Wes Streeting defends tuition fee increase as ‘proportionate and reasonable’

Health Secretary Mr Streeting, a former president of the National Union of Students, said he would still go to university even with the fee rise.

The Independent UK

Musk-linked Pac accused of targeting Jewish and Arab Americans in swing states

Musk-linked Pac accused of targeting Jewish and Arab Americans in swing states

Future Coalition Pac accused of sending the two groups very different messages about Harris’s position on Gaza

The Guardian - US

Man arrested after federal officials say he sought to destroy Nashville power site

Man arrested after federal officials say he sought to destroy Nashville power site

The Department of Justice says federal agents have arrested a Tennessee man who they say was trying to destroy a Nashville electrical substation

The Independent UK

Trump calls Harris a ‘disaster’ as he concludes final day of campaigning

Trump calls Harris a ‘disaster’ as he concludes final day of campaigning

In his last appeal in Grand Rapids, former president claims people believe God ‘saved me in order to save America’.

One subscription that gives you access to news from hundreds of sites

Already a member? Sign in here

Tropical Storm Rafael Expected To Strengthen Into Hurricane

Tropical Storm Rafael Expected To Strengthen Into Hurricane

Tropical Storm Rafael intensifying into a hurricane, posing threats to the Caribbean and Florida with heavy rainfall, damaging winds, and storm surges.

Who’s who in the Conservative shadow cabinet

Who’s who in the Conservative shadow cabinet

Kemi Badenoch’s new front bench team will hold its first meeting on Tuesday.

The Independent UK

Our Picks

Taylor Swift shares ‘extremely important’ reminder with fans

Pop star endorsed Kamala Harris after watching her presidential debate against Donald Trump in September

The Independent UK

The 27 Club isn’t true, but it is real − a sociologist explains why myths endure and how they shape reality

There’s a certain allure to the notion that some of the world’s brightest stars burn out at the age of 27. The so-called 27 Club has captivated the public imagination for half a century. Its members include legendary musicians Jimi Hendrix, Janis Joplin, Jim Morrison, Kurt Cobain and Amy Winehouse.…

The Conversation

Quincy Jones’s music was the soundtrack to so many Black lives – and something we could be proud of

There will be countless tributes to the revered producer, but for me he evokes happy days growing up and the chaos of family parties, says music industry employee Michelle Kambasha

The Guardian - UK

Dick Van Dyke makes rare social media appearance to endorse US Presidential candidate

'Mary Poppins' star Dick Van Dyke, 98, has made a rare social media appearance to pledge his support to Kamala Harris in the US Presidential race, and he did so by reciting a speech he delivered alongside Martin Luther King Jr. at a 1964 civil rights event.

Rihanna Showed Off Her Glossy Waves With The Blunt Bob of My Dreams

Fall hair inspiration at its finest.

Keanu Reeves confesses to throwing up during John Wick stunts

Keanu Reeves has revealed that he relished the challenge of filming the 'John Wick' movies.

Fourteen days free

Download the app

One app. One membership.
100+ trusted global sources.

Download on the AppStore

Get it on Google Play