CVE-2021-28813
CVE-2021-28813 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. We have already fixed this vulnerability in the following versions: QSW-M2116P-2T2S 1.0.6 build 210713 and later; QGD-1600P: QuNetSwitch 1.0.6.1509 and later; QGD-1602P: QuNetSwitch 1.0.6.1509 and later; QGD-3014PT: QuNetSwitch 1.0.6.1519 and later. EPSS estimates a 1.06% chance of exploitation in the next 30 days.
Description
A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.

We have already fixed this vulnerability in the following versions:
- QSW-M2116P-2T2S 1.0.6 build 210713 and later
- QGD-1600P: QuNetSwitch 1.0.6.1509 and later
- QGD-1602P: QuNetSwitch 1.0.6.1509 and later
- QGD-3014PT: QuNetSwitch 1.0.6.1519 and later
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| QNAP | QSW-M2116P-2T2S Firmware | < 1.0.6 |
| QNAP | QuNetSwitch | < 1.0.6.1509 |
References
- https://www.qnap.com/en/security-advisory/qsa-21-37 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
