CVE-2021-28813

Summary

A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.We have already fixed this vulnerability in the following versions: QSW-M2116P-2T2S 1.0.6 build 210713 and later QGD-1600P: QuNetSwitch 1.0.6.1509 and later QGD-1602P: QuNetSwitch 1.0.6.1509 and later QGD-3014PT: QuNetSwitch 1.0.6.1519 and later

Affected Software

VendorProductVersion RangeStatus
QNAP Systems Inc.QSW-M2116P-2T2Sunspecified < 1.0.6 build 210713affected
QNAP Systems Inc.QuNetSwitchunspecified < 1.0.6.1509affected
QNAP Systems Inc.QuNetSwitchunspecified < 1.0.6.1509affected
QNAP Systems Inc.QuNetSwitchunspecified < 1.0.6.1519affected

Weaknesses

  • CWE-259: CWE-259
  • CWE-798: CWE-798
  • CWE-522: CWE-522

ADP Enrichment

CVE Program Container

Additional References

References