Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-28813

Опубликовано: 10 сент. 2021
Источник: nvd
CVSS3: 9.6
CVSS3: 7.5
CVSS2: 5
EPSS Низкий

Описание

A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.We have already fixed this vulnerability in the following versions: QSW-M2116P-2T2S 1.0.6 build 210713 and later QGD-1600P: QuNetSwitch 1.0.6.1509 and later QGD-1602P: QuNetSwitch 1.0.6.1509 and later QGD-3014PT: QuNetSwitch 1.0.6.1519 and later

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:qnap:qsw-m2116p-2t2s_firmware:*:*:*:*:*:*:*:*
Версия до 1.0.6 (исключая)
cpe:2.3:h:qnap:qsw-m2116p-2t2s:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:a:qnap:qunetswitch:*:*:*:*:*:*:*:*
Версия до 1.0.6.1509 (исключая)

Одно из

cpe:2.3:h:qnap:qgd-1600p:-:*:*:*:*:*:*:*
cpe:2.3:h:qnap:qgd-1602p:-:*:*:*:*:*:*:*
cpe:2.3:h:qnap:qgd-3014pt:-:*:*:*:*:*:*:*

EPSS

Процентиль: 59%
0.00375
Низкий

9.6 Critical

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-259
CWE-922

Связанные уязвимости

github логотип

GHSA-v5xc-jmcq-c9fm

github
больше 3 лет назад

A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.We have already fixed this vulnerability in the following versions: QSW-M2116P-2T2S 1.0.6 build 210713 and later QGD-1600P: QuNetSwitch 1.0.6.1509 and later QGD-1602P: QuNetSwitch 1.0.6.1509 and later QGD-3014PT: QuNetSwitch 1.0.6.1519 and later

EPSS

Процентиль: 59%
0.00375
Низкий

9.6 Critical

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-259
CWE-922