CVE-2021-28813Use of Hard-coded Password in Systems INC Qsw-m2116p-2t2s

CWE-259Use of Hard-coded PasswordCWE-522Insufficiently Protected CredentialsCWE-798Hard-coded CredentialsCWE-922Insecure Storage of Sensitive Information3 documents3 sources
Severity
7.5HIGHNVD
CNA9.6
EPSS
0.4%
top 40.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Qnap Systems INC Qsw-m2116p-2t2sQnap Systems INC QunetswitchQnap Qsw-m2116p-2t2s Firmware+1 more
Timeline
PublishedSep 10
Latest updateMay 24

Description

A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.We have already fixed this vulnerability in the following versions: QSW-M2116P-2T2S 1.0.6 build 210713 and later QGD-1600P: QuNetSwitch 1.0.6.1509 and later QGD-1602P: QuNetSwitch 1.0.6.1509 and later QGD-3014PT: Q

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

NVDqnap/qunetswitch< 1.0.6.1509
CVEListV5qnap_systems_inc/qunetswitchunspecified1.0.6.1509+1
CVEListV5qnap_systems_inc/qsw-m2116p-2t2sunspecified1.0.6 build 210713

🔴Vulnerability Details

2
GHSA
GHSA-v5xc-jmcq-c9fm: A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch2022-05-24
CVEList
Insufficiently Protected Credentials Vulnerability in QSW-M2116P-2T2S and QuNetSwitch2021-09-10
CVE-2021-28813 — Use of Hard-coded Password | cvebase