Search

Find a vulnerability

Search criteria

    3 vulnerabilities found for Hybrid Backup Sync by Qnap

    CERTFR-2025-AVI-0981

    Vulnerability from certfr_avis - Published: 2025-11-10 - Updated: 2025-11-10

    De multiples vulnérabilités ont été découvertes dans les produits Qnap. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une injection SQL (SQLi).

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Qnap N/A QuMagie versions 2.6.x et 2.7.x antérieures à 2.7.3
    Qnap Hybrid Backup Sync HBS 3 Hybrid Backup Sync versions 26.x antérieures à 26.2.0.938
    Qnap N/A Notification Center versions 1.9.x pour QTS 5.2.x et QuTS hero h5.2.x antérieures à 1.9.2.3163
    Qnap N/A Hyper Data Protector versions 2.2.x antérieures à 2.2.4.1
    Qnap N/A Notification Center versions 3.0.x pour QuTS hero h5.6.x et QuTS hero h6.0.x antérieures à 3.0.0.3466
    Qnap N/A Malware Remover versions 6.6.x antérieures à 6.6.8.20251023
    Qnap N/A Download Station versions 5.10.x pour QTS 5.2.1 antérieures à 5.10.0.305 ( 2025/09/16 )
    Qnap QuTS hero QuTS hero versions h5.3.x antérieures à h5.3.1.3292 build 20251024
    Qnap QuLog Center QuLog Center versions 1.8.x antérieures à 1.8.2.923 ( 2025/08/27 )
    Qnap N/A Download Station versions 5.10.x pour QuTS hero h5.2.1 antérieures à 5.10.0.304 ( 2025/09/08 )
    Qnap QTS QTS versions 5.2.x antérieures à QTS 5.2.7.3297 build 20251024
    Qnap QuTS hero QuTS hero versions h5.2.x antérieures à h5.2.7.3297 build 20251024
    Qnap File Station File Station 5 versions 5.5.x antérieures à 5.5.6.5018
    Qnap N/A Qsync Central versions 5.0.x antérieures à 5.0.0.3 ( 2025/08/28 )
    Qnap N/A Notification Center versions 2.1.x pour QuTS hero h5.3.x antérieures à 2.1.0.3443
    References
    Bulletin de sécurité Qnap QSA-25-37 2025-11-08 vendor-advisory
    Bulletin de sécurité Qnap QSA-25-45 2025-11-08 vendor-advisory
    Bulletin de sécurité Qnap QSA-25-48 2025-11-08 vendor-advisory
    Bulletin de sécurité Qnap QSA-25-40 2025-11-08 vendor-advisory
    Bulletin de sécurité Qnap QSA-25-43 2025-11-08 vendor-advisory
    Bulletin de sécurité Qnap QSA-25-38 2025-11-08 vendor-advisory
    Bulletin de sécurité Qnap QSA-25-41 2025-11-08 vendor-advisory
    Bulletin de sécurité Qnap QSA-25-47 2025-11-08 vendor-advisory
    Bulletin de sécurité Qnap QSA-25-33 2025-11-08 vendor-advisory
    Bulletin de sécurité Qnap QSA-25-42 2025-11-08 vendor-advisory
    Bulletin de sécurité Qnap QSA-25-46 2025-11-08 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "QuMagie versions 2.6.x et 2.7.x ant\u00e9rieures \u00e0 2.7.3",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "HBS 3 Hybrid Backup Sync versions 26.x ant\u00e9rieures \u00e0 26.2.0.938",
          "product": {
            "name": "Hybrid Backup Sync",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Notification Center versions 1.9.x pour QTS 5.2.x et QuTS hero h5.2.x ant\u00e9rieures \u00e0 1.9.2.3163",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Hyper Data Protector versions 2.2.x ant\u00e9rieures \u00e0 2.2.4.1",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Notification Center versions 3.0.x pour QuTS hero h5.6.x et QuTS hero h6.0.x ant\u00e9rieures \u00e0 3.0.0.3466",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Malware Remover versions 6.6.x ant\u00e9rieures \u00e0 6.6.8.20251023",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Download Station versions 5.10.x pour QTS 5.2.1  ant\u00e9rieures \u00e0 5.10.0.305 ( 2025/09/16 )",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuTS hero versions h5.3.x ant\u00e9rieures \u00e0 h5.3.1.3292 build 20251024",
          "product": {
            "name": "QuTS hero",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuLog Center versions 1.8.x ant\u00e9rieures \u00e0 1.8.2.923 ( 2025/08/27 )",
          "product": {
            "name": "QuLog Center",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Download Station versions 5.10.x  pour QuTS hero h5.2.1 ant\u00e9rieures \u00e0 5.10.0.304 ( 2025/09/08 )",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QTS versions 5.2.x ant\u00e9rieures \u00e0 QTS 5.2.7.3297 build 20251024",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuTS hero versions h5.2.x ant\u00e9rieures \u00e0 h5.2.7.3297 build 20251024",
          "product": {
            "name": "QuTS hero",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "File Station 5 versions 5.5.x ant\u00e9rieures \u00e0 5.5.6.5018",
          "product": {
            "name": "File Station",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Qsync Central versions 5.0.x ant\u00e9rieures \u00e0 5.0.0.3 ( 2025/08/28 )",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Notification Center versions 2.1.x pour QuTS hero h5.3.x ant\u00e9rieures \u00e0 2.1.0.3443",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-57712",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-57712"
        },
        {
          "name": "CVE-2025-47207",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47207"
        },
        {
          "name": "CVE-2025-53413",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53413"
        },
        {
          "name": "CVE-2025-53411",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53411"
        },
        {
          "name": "CVE-2025-58469",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58469"
        },
        {
          "name": "CVE-2025-62849",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62849"
        },
        {
          "name": "CVE-2025-54167",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54167"
        },
        {
          "name": "CVE-2025-62842",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62842"
        },
        {
          "name": "CVE-2025-59389",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59389"
        },
        {
          "name": "CVE-2025-57706",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-57706"
        },
        {
          "name": "CVE-2025-58463",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58463"
        },
        {
          "name": "CVE-2025-53409",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53409"
        },
        {
          "name": "CVE-2025-53408",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53408"
        },
        {
          "name": "CVE-2025-53412",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53412"
        },
        {
          "name": "CVE-2025-58465",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58465"
        },
        {
          "name": "CVE-2025-54168",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54168"
        },
        {
          "name": "CVE-2025-52865",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-52865"
        },
        {
          "name": "CVE-2025-53410",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53410"
        },
        {
          "name": "CVE-2025-52425",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-52425"
        },
        {
          "name": "CVE-2025-58464",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58464"
        },
        {
          "name": "CVE-2025-62847",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62847"
        },
        {
          "name": "CVE-2025-11837",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-11837"
        },
        {
          "name": "CVE-2025-62848",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62848"
        },
        {
          "name": "CVE-2025-62840",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62840"
        }
      ],
      "initial_release_date": "2025-11-10T00:00:00",
      "last_revision_date": "2025-11-10T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0981",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-11-10T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        },
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Injection SQL (SQLi)"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Qnap. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une injection SQL (SQLi).",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
      "vendor_advisories": [
        {
          "published_at": "2025-11-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-37",
          "url": "https://www.qnap.com/go/security-advisory/qsa-25-37"
        },
        {
          "published_at": "2025-11-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-45",
          "url": "https://www.qnap.com/go/security-advisory/qsa-25-45"
        },
        {
          "published_at": "2025-11-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-48",
          "url": "https://www.qnap.com/go/security-advisory/qsa-25-48"
        },
        {
          "published_at": "2025-11-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-40",
          "url": "https://www.qnap.com/go/security-advisory/qsa-25-40"
        },
        {
          "published_at": "2025-11-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-43",
          "url": "https://www.qnap.com/go/security-advisory/qsa-25-43"
        },
        {
          "published_at": "2025-11-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-38",
          "url": "https://www.qnap.com/go/security-advisory/qsa-25-38"
        },
        {
          "published_at": "2025-11-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-41",
          "url": "https://www.qnap.com/go/security-advisory/qsa-25-41"
        },
        {
          "published_at": "2025-11-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-47",
          "url": "https://www.qnap.com/go/security-advisory/qsa-25-47"
        },
        {
          "published_at": "2025-11-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-33",
          "url": "https://www.qnap.com/go/security-advisory/qsa-25-33"
        },
        {
          "published_at": "2025-11-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-42",
          "url": "https://www.qnap.com/go/security-advisory/qsa-25-42"
        },
        {
          "published_at": "2025-11-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-46",
          "url": "https://www.qnap.com/go/security-advisory/qsa-25-46"
        }
      ]
    }

    CERTFR-2024-AVI-0933

    Vulnerability from certfr_avis - Published: 2024-10-30 - Updated: 2024-10-30

    De multiples vulnérabilités ont été découvertes dans les produits Qnap. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un problème de sécurité non spécifié par l'éditeur.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Qnap Hybrid Backup Sync HBS 3 Hybrid Backup Sync versions 25.1.x antérieures à 25.1.1.673
    Qnap N/A SMB Service versions h4.15.x antérieures à h4.15.002
    Qnap N/A SMB Service versions 4.15.x antérieures à 4.15.002
    References
    Bulletin de sécurité Qnap QSA-24-41 2024-10-29 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-42 2024-10-29 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "HBS 3 Hybrid Backup Sync versions 25.1.x ant\u00e9rieures \u00e0 25.1.1.673",
          "product": {
            "name": "Hybrid Backup Sync",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "SMB Service versions h4.15.x ant\u00e9rieures \u00e0 h4.15.002",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "SMB Service versions 4.15.x ant\u00e9rieures \u00e0 4.15.002",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2024-50387",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50387"
        },
        {
          "name": "CVE-2024-50388",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50388"
        }
      ],
      "initial_release_date": "2024-10-30T00:00:00",
      "last_revision_date": "2024-10-30T00:00:00",
      "links": [],
      "reference": "CERTFR-2024-AVI-0933",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2024-10-30T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Qnap. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
      "vendor_advisories": [
        {
          "published_at": "2024-10-29",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-41",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-41"
        },
        {
          "published_at": "2024-10-29",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-42",
          "url": "https://www.qnap.com/en/security-advisory/qsa-24-42"
        }
      ]
    }

    CERTFR-2021-AVI-307

    Vulnerability from certfr_avis - Published: 2021-04-22 - Updated: 2021-04-22

    Une vulnérabilité a été découverte dans QNAP HBS 3 Hybrid Backup Sync. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Qnap Hybrid Backup Sync HBS 3 Hybrid Backup Sync pour QuTScloud c4.5.x versions antérieures à 16.0.0419
    Qnap Hybrid Backup Sync HBS 3 Hybrid Backup Sync pour QuTS hero h4.5.1 versions antérieures à 16.0.0419
    Qnap Hybrid Backup Sync HBS 3 Hybrid Backup Sync pour QTS 4.5.2 versions antérieures à 16.0.0415
    Qnap Hybrid Backup Sync HBS 3 Hybrid Backup Sync pour QTS 4.3.6 versions antérieures à 3.0.210412
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "HBS 3 Hybrid Backup Sync pour QuTScloud c4.5.x versions ant\u00e9rieures \u00e0 16.0.0419",
          "product": {
            "name": "Hybrid Backup Sync",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "HBS 3 Hybrid Backup Sync pour QuTS hero h4.5.1 versions ant\u00e9rieures \u00e0 16.0.0419",
          "product": {
            "name": "Hybrid Backup Sync",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "HBS 3 Hybrid Backup Sync pour QTS 4.5.2 versions ant\u00e9rieures \u00e0 16.0.0415",
          "product": {
            "name": "Hybrid Backup Sync",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "HBS 3 Hybrid Backup Sync pour QTS 4.3.6 versions ant\u00e9rieures \u00e0 3.0.210412",
          "product": {
            "name": "Hybrid Backup Sync",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2021-28799",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-28799"
        }
      ],
      "initial_release_date": "2021-04-22T00:00:00",
      "last_revision_date": "2021-04-22T00:00:00",
      "links": [],
      "reference": "CERTFR-2021-AVI-307",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2021-04-22T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans QNAP HBS 3 Hybrid Backup Sync.\nElle permet \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
      "title": "Vuln\u00e9rabilit\u00e9 dans QNAP HBS 3 Hybrid Backup Sync",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 QNAP QSA-21-13 du 22 avril 2021",
          "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-21-13"
        }
      ]
    }