PT-2021-17929 · Qnap Systems · Qsw-M2108R-2C+3
Jan Hoff
·
Published
2021-06-11
·
Updated
2022-10-18
·
CVE-2021-28805
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on QSW-M2108-2C
QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on QSW-M2108-2S
QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on QSW-M2108R-2C
QNAP Systems Inc. QSS versions prior to 1.0.12 build 20210506 on QSW-M408
Description:
The inclusion of sensitive information in the source code has been reported, affecting certain QNAP switches running QSS. If exploited, this issue allows attackers to read application data.
Recommendations:
For QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on QSW-M2108-2C, update to version 1.0.3 build 20210505 or later.
For QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on QSW-M2108-2S, update to version 1.0.3 build 20210505 or later.
For QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on QSW-M2108R-2C, update to version 1.0.3 build 20210505 or later.
For QNAP Systems Inc. QSS versions prior to 1.0.12 build 20210506 on QSW-M408, update to version 1.0.12 build 20210506 or later.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Qss
Qsw-M2108R-2C
Qsw-M2108-2S
Qsw-M408