CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2021-28813

CVSS 9.6v3.1pub. 2021-09-10upd. 2024-11-21

A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.We have already fixed this vulnerability in the following versions: QSW-M2116P-2T2S 1.0.6 build 210713 and later QGD-1600P: QuNetSwitch 1.0.6.1509 and later QGD-1602P: QuNetSwitch 1.0.6.1509 and later QGD-3014PT: QuNetSwitch 1.0.6.1519 and later

CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
  • Qnap Qgd 1600p

    HW
    Qnap
    wszystkie wersje
  • Qnap Qgd 1602p

    HW
    Qnap
    wszystkie wersje
  • Qnap Qgd 3014pt

    HW
    Qnap
    wszystkie wersje
  • Qnap Qsw M2116p 2t2s

    HW
    Qnap
    wszystkie wersje
  • Qnap Qsw M2116p 2t2s Firmware

    OS
    Qnap
    < 1.0.6
  • Qnap Qunetswitch

    APP
    Qnap
    < 1.0.6.1509
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2026-22897HIGH8.1ten sam produkt

A command injection vulnerability has been reported to affect QuNetSwitch. The remote attackers can then explo...

CVE-2026-22900MEDIUM6.8ten sam produkt

A use of hard-coded credentials vulnerability has been reported to affect QuNetSwitch. The remote attackers ca...

CVE-2026-22901MEDIUM6.3ten sam produkt

A command injection vulnerability has been reported to affect QuNetSwitch. If a remote attacker gains a user a...

CVE-2026-22902MEDIUM5.7ten sam produkt

A command injection vulnerability has been reported to affect QuNetSwitch. If a local attacker gains an admini...

CVE-2022-27593CRITICAL10.0⚠ KEVten sam vendor

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Ph...