QNAP Security Advisory | Bulletin ID: QSA-25-02 on Resolved Vulnerabilities in Rsync

QNAP Systems Inc. had published a security enhancement against security vulnerabilities that could affect specific versions of QNAP products.

Use the following information and solutions to correct the security issues and vulnerabilities.

Multiple Vulnerabilities in Rsync

Release date: January 23, 2025
Security ID: QSA-25-02
Severity: Important
CVE identifier: CVE-2024-12084 | CVE-2024-12085 | CVE-2024-12086 | CVE-2024-12087 | CVE-2024-12088 | CVE-2024-12747
Affected products: HBS 3 Hybrid Backup Sync 25.1.x

Summary
Multiple vulnerabilities have been reported in rsync, affecting HBS 3 Hybrid Backup Sync.

The company have already fixed vulnerabilities in following version:

Recommendation
To fix the vulnerabilities, we recommend updating HBS 3 Hybrid Backup Sync to the latest version.

Updating HBS 3 Hybrid Backup Sync

1. Log on to QTS or QuTS hero as administrator.
2. Open the App Center and then click 
   A search box appears.
3. Type ‘HBS 3 Hybrid Backup Sync’ and then press ENTER.
   HBS 3 Hybrid Backup Sync appears in the search results.
4. Click Update.
   A confirmation message appears.
   Note: The Update button is not available if your HBS 3 Hybrid Backup Sync is already up to date.
5. Click OK.
   The application is updated.

Attachment

• QSA-25-02.json

Revision History:
V1.0 (January 23, 2025) – Published

Questions regarding this issue, contact