CVE-2021-28815

EPSS 0.11%
Published 16.06.2021 04:15:08
Last modified 21.11.2024 06:00:15
Source security@qnapsecurity.com.tw
Teams watchlist Login
Open Login

Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Qnap ≫ Myqnapcloud Link Version < 2.2.21

   Qnap ≫ Qts Version4.5.3 Update-
   Qnap ≫ Quts Hero Versionh4.5.2 Update-
   Qnap ≫ Qutscloud Versionc4.5.4 Update-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.11%	0.262

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
security@qnapsecurity.com.tw	6	1.5	4	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CWE-922 Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

https://www.qnap.com/zh-tw/security-advisory/qsa-21-26

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-28815

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-28815

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-28815

EUVD