What are you looking for ?
Mobile Search Icon
Mobile Menu Icon
Advertise with us
PNY

Qnap Security Advisories QSA-24-41 and QSA-24-42 on 2 Resolved Vulnerabilities

Concerning HBS 3 Hybrid Backup Sync, and SMB Service

This is a Press Release edited by StorageNewsletter.com on November 5, 2024 at 2:00 pm

Qnap Systems, Inc. had published 2 security advisories on resolved vulnerabilities.

Vulnerability in HBS 3 Hybrid Backup Sync (PWN2OWN 2024)

Security ID: QSA-24-41
Release date: October 29, 2024
CVE identifier: CVE-2024-50388
Affected products: HBS 3 Hybrid Backup Sync 25.1.x
Severity: Critical
Status: Resolved

Summary
A vulnerability has been reported to affect HBS 3 Hybrid Backup Sync.

The company have already fixed the vulnerability in following version:

Affected product

Fixed version

HBS 3 Hybrid Backup Sync 25.1.x

HBS 3 Hybrid Backup Sync 25.1.1.673 and later

Recommendation
To fix the vulnerability, Qnap recommend updating HBS 3 Hybrid Backup Sync to the latest version.

Updating HBS 3 Hybrid Backup Sync

  1. Log on to QTS or QuTS hero as an administrator.
  2. Open App Center and then click Qnap Loupe .
    A search box appears.

  3. Type ‘HBS 3 Hybrid Backup Sync’ and then press ENTER.
    HBS 3 Hybrid Backup Sync appears in the search results.
  4. Click Update.
    A confirmation message appears.
    Note: The Update button is not available if your HBS 3 Hybrid Backup Sync is already up to date.
  5. Click OK.
    The application is updated.

Acknowledgements: Pwn2Own 2024 – Viettel Cyber Security

Revision History:
V1.0 (October 29, 2024) – Published

 

Vulnerability in SMB Service (PWN2OWN 2024)

Security ID: QSA-24-42
Release date: October 30, 2024
CVE identifier: CVE-2024-50387
Affected products: SMB Service 4.15.x, SMB Service h4.15.x
Severity: Critical
Status: Resolved

Summary
A vulnerability has been reported to affect SMB Service.

The company have already fixed the vulnerability in following versions:

Affected product

Fixed version

SMB Service 4.15.x

SMB Service 4.15.002 and later

SMB Service h4.15.x

SMB Service h4.15.002 and later

Recommendation
To fix the vulnerability, Qnap recommend updating SMB Service to the latest version.

Updating SMB Service

  1. Log on to QTS or QuTS hero as an administrator.
  2. Open App Center and then click.Qnap Loupe
    A search box appears.
  3. Type ‘SMB Service’ and then press ENTER.
    SMB Service appears in the search results.
  4. Click Update.
    A confirmation message appears.
    Note: The Update button is not available if your SMB Service is already up to date.
  5. Click OK.
    The application is updated.

Acknowledgements: Pwn2Own 2024 – YingMuo working with DEVCORE Internship Program

Revision History:
V1.0 (October 30, 2024) – Published

Read also :
Qnap Security Advisories QSA-23-12, QSA-23-25, QSA-23-29 for Resolved Vulnerabilities
Concerning Apache HTTP Server, Legacy QTS Oss, and Multimedia Console using in NAS
September 27, 2023 | Press Release
Articles_bottom
ExaGrid
AIC
ATTOtarget="_blank"
OPEN-E
RAIDON