### [CVE-2021-28799](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28799)
![](https://img.shields.io/static/v1?label=Product&message=HBS%201.3&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=HBS%202&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=HBS%203&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=!%20all%20versions%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=%3C%20v16.0.0415%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-285%20Improper%20Authorization&color=brighgreen)

### Description

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to v3.0.210412 on QTS 4.3.6; versions prior to v3.0.210411 on QTS 4.3.4; versions prior to v3.0.210411 on QTS 4.3.3; versions prior to v16.0.0419 on QuTS hero h4.5.1; versions prior to v16.0.0419 on QuTScloud c4.5.1~c4.5.4. This issue does not affect: QNAP Systems Inc. HBS 2 . QNAP Systems Inc. HBS 1.3 .

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/r0eXpeR/supplier
- https://github.com/triw0lf/Security-Matters-22