CVE-2021-28799CISA KEVEPSS p99.5%

CVE-2021-28799QNAP NAS Improper Authorization Vulnerability

QNAP / Network Attached Storage (NAS)

Description

QNAP NAS running HBS 3 contains an improper authorization vulnerability which can allow remote attackers to log in to a device.

Scoring

EPSS78.40% probability of exploitation · percentile 99.5% · 2026-06-17T12:03:21Z

CISA KEV entry

Added to KEV: 2022-03-31

(incoming)1

TypeTargetConfidenceTier
KEVEntryQNAP NAS Improper Authorization Vulnerabilitykev-cve-2021-287990%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
QNAP Helpdesk Improper Access Control Vulnerability
CVE
QNAP Photo Station Improper Access Control Vulnerability
CVE
QNAP Network-Attached Storage (NAS) Command Injection Vulnerability
CVE
QNAP NAS File Station Command Injection Vulnerability
CVE
QNAP QTS Improper Input Validation Vulnerability
CVE
Zyxel Multiple NAS Devices Command Injection Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.