HIGH✓ PATCH🇬🇧 English

CVE-2021-28805

CVSS 7.8v3.1pub. 2021-06-11upd. 2024-11-21

Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read application data. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on QSW-M2108-2C; versions prior to 1.0.3 build 20210505 on QSW-M2108-2S; versions prior to 1.0.3 build 20210505 on QSW-M2108R-2C; versions prior to 1.0.12 build 20210506 on QSW-M408.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Qnap Qss

    APP
    Qnap
    < 1.0.3< 1.0.12
  • Qnap Qsw M2108 2c

    HW
    Qnap
    wszystkie wersje
  • Qnap Qsw M2108 2s

    HW
    Qnap
    wszystkie wersje
  • Qnap Qsw M2108r 2c

    HW
    Qnap
    wszystkie wersje
  • Qnap Qsw M408

    HW
    Qnap
    wszystkie wersje
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2021-28801LOW3.1ten sam produkt

An out-of-bounds read vulnerability has been reported to affect certain QNAP switches running QSS. If exploite...

CVE-2022-27593CRITICAL10.0⚠ KEVten sam vendor

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Ph...

CVE-2021-28799CRITICAL10.0⚠ KEVten sam vendor

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync...

CVE-2020-2509CRITICAL9.8⚠ KEVten sam vendor

A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerabil...

CVE-2018-19949CRITICAL9.8⚠ KEVten sam vendor

If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNA...