QNAP Patches Six Vulnerabilities in HBS 3 Software
🔒💾 QNAP addresses critical rsync vulnerabilities in NAS devices. QNAP has patched six significant vulnerabilities in its HBS 3 Hybrid Backup Sync software that could allow remote code execution on unpatched Network Attached Storage (NAS) devices. The flaws, tracked as CVE-2024-12084 through CVE-2024-12747, include issues such as a heap buffer overflow and path traversal, and could be exploited by attackers with anonymous read access to vulnerable servers. QNAP has urged users to update to version 25.1.4.952 to mitigate these risks. With over 700,000 IP addresses showing exposed rsync servers, the potential for exploitation remains a concern, particularly as attackers could leverage these vulnerabilities to gain control over connected clients.
