
CVE-2021-28799 Scanner

CVE-2021-28799 Scanner - Improper Access Control vulnerability in Hybrid Backup Sync (HBS 3)

Short Info

Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 15 days 1 hour
Scan only one: Domain, Subdomain, IPv4


Hybrid Backup Sync (HBS 3) is a comprehensive backup and disaster recovery solution developed by QNAP Systems, Inc. Primarily used within network-attached storage (NAS) systems, it's designed to provide data protection, retrieval, and synchronization solutions. Businesses and individual users utilize HBS 3 to safeguard their data by executing file, folder, and system-level backups. It supports various protocols and integrates seamlessly with cloud storage platforms, making it highly versatile. The solution is critical in environments where data integrity and availability are paramount. HBS 3 ensures that sensitive data can be securely stored and easily restored in the event of data loss or corruption.

The Improper Access Control vulnerability in HBS 3 allows remote attackers to exploit a system without appropriate authorization. This vulnerability is particularly concerning as it could enable unauthorized data access and full system compromise. Access control mechanisms are intended to protect sensitive data by ensuring only authorized users can access certain resources; when these controls are weak or misconfigured, they can easily be bypassed. In HBS 3, this vulnerability may exist due to a lack of proper authentication mechanisms or checks in the software's code, which exposes it to exploitation. Its presence emphasizes the need for robust security checks and processes in software dealing with data management and backup.

The vulnerability resides in the Backup Management functionality, which processes commands based on their respective session identifiers. By manipulating the session identifier in a request carrying "act":"run_cmd", unauthorized commands such as "cmd":"cat /etc/passwd" can potentially be executed. Attackers exploit this through raw POST requests sent to the endpoint "/cgi-bin/backup/hbs_mgnt.cgi". The crafted payload results in the disclosure of sensitive information stored on the targeted system. Furthermore, the login bypass means remote exploitation can occur without authenticated access.
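Detection logic for the request pattern described above, added here as an example (it is not S4E's scanner code or QNAP's). It assumes a reverse-proxy or WAF log in JSON lines that records request bodies; the field names, the trusted-source list and the sample lines are constructed.

```python
import json
import posixpath
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/cgi-bin/backup/hbs_mgnt.cgi"  # endpoint named on this page
TRUSTED_SOURCES = {"10.0.0.5"}  # assumption: hosts expected to manage backups

def make_line(src, method, uri, body, status=200):  # hypothetical log record
    return json.dumps(dict(src=src, method=method, uri=uri, status=status, body=body))

SAMPLE_LOG = [  # constructed sample lines using documentation address ranges
    make_line("203.0.113.9", "POST", ENDPOINT, '{"act":"run_cmd","cmd":"cat /etc/passwd"}'),
    make_line("203.0.113.9", "POST", ENDPOINT + "?x=1",
              "act=run_cmd&cmd=cat+%2Fetc%2Fpasswd", status=403),
    make_line("10.0.0.5", "POST", ENDPOINT, '{"act":"run_cmd","cmd":"cat /etc/passwd"}'),
    make_line("198.51.100.4", "GET", "/cgi-bin/index.cgi", ""),
    "truncated, not JSON",
]

def parse_body(body):
    """Return request parameters from a JSON or form-encoded body."""
    try:
        data = json.loads(body)
    except (ValueError, TypeError):
        data = None  # not JSON, or no body captured: fall back to form decoding
    if isinstance(data, dict):
        return {k: str(v) for k, v in data.items()}
    return {k: v[0] for k, v in parse_qs(body or "").items()}

def detect(lines, trusted=TRUSTED_SOURCES):
    """Flag POSTs to the HBS management CGI that carry act=run_cmd."""
    findings = []
    for n, line in enumerate(lines, 1):
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # skip malformed log lines
        if not isinstance(rec, dict) or rec.get("method") != "POST":
            continue
        if posixpath.normpath(urlsplit(rec.get("uri", "")).path) != ENDPOINT:
            continue  # path is normalised so "//" or "../" variants still match
        params = parse_body(rec.get("body"))
        if params.get("act") == "run_cmd":
            findings.append({"line": n, "src": rec.get("src"),
                             "cmd": params.get("cmd"), "status": rec.get("status"),
                             "trusted_src": rec.get("src") in trusted})
    return findings

if __name__ == "__main__":
    print(*detect(SAMPLE_LOG), sep="\n")
```

A hit with status 200 from an untrusted source is the case to triage first; a 403 shows the request was blocked upstream but still indicates probing.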

If exploited, this vulnerability can lead to unauthorized access to critical systems, resulting in data breaches. Potential threats include data theft, modification, or deletion, which can disrupt operations and result in financial and reputational damage. Unauthorized system access can also lay the groundwork for further exploits, like installing malware, creating persistence within the system, or escalating privileges. Due to its severity, businesses could face compliance issues with data protection standards and governance.
