Network Security

QNAP Fixes Six Rsync Flaws In Its NAS Devices

QNAP patches six Rsync flaws in its NAS devices. ("QNAP" by COSCUP is licensed under CC BY-SA 2.0. To view a copy of this license, visit https://creativecommons.org/licenses/by-sa/2.0/?ref=openverse.)

SC Media reports that QNAP has released updates to fix a half-dozen vulnerabilities in the open-source Rsync software that affect HBS 3 Hybrid Backup Sync 25.1.x on its widely used network-attached storage (NAS) devices.

Billy Hoffman, Field CTO at Ionix, said the six flaws could be chained to facilitate remote command execution and arbitrary file read/write.

QNAP, which accounts for almost a quarter of the NAS market, has recommended immediately updating to the latest HBS version.

Both Trey Ford, chief information security officer at Bugcrowd, and John Gallagher, vice president at Viakoo Labs, also stressed the importance of promptly remediating the flaws, with Gallagher noting a Censys study from 2023 detailing severely lacking patching practices for QNAP NAS devices.

"Remote code execution and remote system compromise is as serious as it gets," said Gallagher. "Because of the inherent connectivity they have, cloud-based sync and internal sync, they can be exploited," explained Gallagher, who also urged the implementation of IoT/OT asset discovery systems among NAS users.
