CVE-2021-28813
published 2021-09-10CVE-2021-28813: A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If…
PriorityP340high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
1.06%
60.3th percentile
A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.We have already fixed this vulnerability in the following versions: QSW-M2116P-2T2S 1.0.6 build 210713 and later QGD-1600P: QuNetSwitch 1.0.6.1509 and later QGD-1602P: QuNetSwitch 1.0.6.1509 and later QGD-3014PT: QuNetSwitch 1.0.6.1519 and later
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qnap | qsw-m2116p-2t2s_firmware | < 1.0.6 | 1.0.6 |
| qnap | qunetswitch | < 1.0.6.1509 | 1.0.6.1509 |
| qnap_systems_inc | qsw-m2116p-2t2s | >= unspecified < 1.0.6 build 210713 | 1.0.6 build 210713 |
| qnap_systems_inc | qunetswitch | >= unspecified < 1.0.6.1509 | 1.0.6.1509 |
| qnap_systems_inc | qunetswitch | >= unspecified < 1.0.6.1519 | 1.0.6.1519 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-09-10
Published