CVE-2021-28813: Insufficiently Protected Credentials Vulnerability in QSW-M2116P-2T2S and QuNetSwitch
First published: Fri Sep 10 2021(Updated: )
A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.We have already fixed this vulnerability in the following versions: QSW-M2116P-2T2S 1.0.6 build 210713 and later QGD-1600P: QuNetSwitch 1.0.6.1509 and later QGD-1602P: QuNetSwitch 1.0.6.1509 and later QGD-3014PT: QuNetSwitch 1.0.6.1519 and later
Credit: security@qnapsecurity.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Qnap Qsw-m2116p-2t2s Firmware | <1.0.6 | |
| Qnap Qsw-m2116p-2t2s | ||
| Qnap Qunetswitch | <1.0.6.1509 | |
| Qnap Qgd-1600p | ||
| Qnap Qgd-1602p | ||
| Qnap Qgd-3014pt |
Remedy
We have already fixed this vulnerability in the following versions of QSW-M2116P-2T2S, QuNetSwitch: QSW-M2116P-2T2S 1.0.6 build 210713 and later QGD-1600P: QuNetSwitch 1.0.6.1509 and later QGD-1602P: QuNetSwitch 1.0.6.1509 and later QGD-3014PT: QuNetSwitch 1.0.6.1519 and later
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/title
- agent/severity
- agent/author
- agent/remedy
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/qnap
- canonical/qnap qsw-m2116p-2t2s firmware
- canonical/qnap qsw-m2116p-2t2s
- canonical/qnap qunetswitch
- canonical/qnap qgd-1600p
- canonical/qnap qgd-1602p
- canonical/qnap qgd-3014pt