Vulnerabilities > CVE-2021-28813 - Insecure Storage of Sensitive Information vulnerability in Qnap Qsw-M2116P-2T2S Firmware and Qunetswitch

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

qnap

CWE-922

NVD

Published: 2021-09-10

Updated: 2021-09-23

Summary

A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.We have already fixed this vulnerability in the following versions: QSW-M2116P-2T2S 1.0.6 build 210713 and later QGD-1600P: QuNetSwitch 1.0.6.1509 and later QGD-1602P: QuNetSwitch 1.0.6.1509 and later QGD-3014PT: QuNetSwitch 1.0.6.1519 and later

Vulnerable Configurations

Part	Description	Count
OS	Qnap Qnap QSW M2116P 2T2S Firmware -	1
Hardware	Qnap Qnap QSW M2116P 2T2S - Qnap QGD 1600P - Qnap QGD 1602P - Qnap QGD 3014Pt -	4
Application	Qnap Qnap Qunetswitch - Qnap Qunetswitch 1.0.1 Qnap Qunetswitch 1.0.5.0623 Qnap Qunetswitch 1.0.5.0625	4

Common Weakness Enumeration (CWE)

CWE-922 - Insecure Storage of Sensitive Information

References

https://www.qnap.com/en/security-advisory/qsa-21-37