CVE-2024-50388 CRITICAL

CVE-2024-50388: HBS 3 Hybrid Backup Sync

Vendor Qnap Systems Inc.
Product HBS 3 Hybrid Backup Sync
Weakness CWE-77
Published December 6, 2024
Last update December 6, 2024

CVSS base score

9.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 25.1.1.673 and later

Key dates

02Disclosure timeline

December 6, 2024 CVE published
December 6, 2024 Record updated