9.6
CVE-2021-28813
- EPSS 0.38%
- Published 10.09.2021 04:15:16
- Last modified 21.11.2024 06:00:15
- Source security@qnapsecurity.com.tw
A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. We have already fixed this vulnerability in the following versions:
- QSW-M2116P-2T2S 1.0.6 build 210713 and later
- QGD-1600P: QuNetSwitch 1.0.6.1509 and later
- QGD-1602P: QuNetSwitch 1.0.6.1509 and later
- QGD-3014PT: QuNetSwitch 1.0.6.1519 and later
Data is provided by the National Vulnerability Database (NVD)
Qnap ≫ Qsw-m2116p-2t2s Firmware Version < 1.0.6
Qnap ≫ Qunetswitch Version < 1.0.6.1509
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.38% | 0.561 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:P/I:N/A:N |
security@qnapsecurity.com.tw | 9.6 | 2.8 | 6 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H |
CWE-259 Use of Hard-coded Password
The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.
CWE-522 Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.
CWE-922 Insecure Storage of Sensitive Information
The product stores sensitive information without properly limiting read or write access by unauthorized actors.