CVE-2021-28815

EPSS 0.11%
Veröffentlicht 16.06.2021 04:15:08
Zuletzt bearbeitet 21.11.2024 06:00:15
Quelle security@qnapsecurity.com.tw
Teams Watchlist Login
Unerledigt Login

Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qnap ≫ Myqnapcloud Link Version < 2.2.21

   Qnap ≫ Qts Version4.5.3 Update-
   Qnap ≫ Quts Hero Versionh4.5.2 Update-
   Qnap ≫ Qutscloud Versionc4.5.4 Update-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.262

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
security@qnapsecurity.com.tw	6	1.5	4	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CWE-922 Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

https://www.qnap.com/zh-tw/security-advisory/qsa-21-26

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-28815

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-28815

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-28815

EUVD