cbcvebase.
CVE-2021-28813
published 2021-09-10

CVE-2021-28813: A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If…

PriorityP340high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
1.06%
60.3th percentile
A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.We have already fixed this vulnerability in the following versions: QSW-M2116P-2T2S 1.0.6 build 210713 and later QGD-1600P: QuNetSwitch 1.0.6.1509 and later QGD-1602P: QuNetSwitch 1.0.6.1509 and later QGD-3014PT: QuNetSwitch 1.0.6.1519 and later

Affected

5 ranges
VendorProductVersion rangeFixed in
qnapqsw-m2116p-2t2s_firmware< 1.0.61.0.6
qnapqunetswitch< 1.0.6.15091.0.6.1509
qnap_systems_incqsw-m2116p-2t2s>= unspecified < 1.0.6 build 2107131.0.6 build 210713
qnap_systems_incqunetswitch>= unspecified < 1.0.6.15091.0.6.1509
qnap_systems_incqunetswitch>= unspecified < 1.0.6.15191.0.6.1519

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.