PT-2021-17937 · Qnap Systems · Myqnapcloud Link+3
Cj Fairhead
·
Published
2021-06-16
·
Updated
2021-06-23
·
CVE-2021-28815
CVSS v3.1
6.0
Medium
| Vector | AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3
QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QuTS hero h4.5.2
QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QuTScloud c4.5.4
Description:
Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this issue allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.
Recommendations:
For QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3, update to version 2.2.21 or later.
For QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QuTS hero h4.5.2, update to version 2.2.21 or later.
For QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QuTScloud c4.5.4, update to version 2.2.21 or later.
Fix
Insecure Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Qts
Quts Hero
Qutscloud
Myqnapcloud Link