Out-of-Bounds Read Vulnerability in QSS
CVE-2021-28801

3.1 LOW

Key Information:

Vendor
QNAP
Status
Vendor
CVE Published: 11 June 2021

Summary

An out-of-bounds read vulnerability has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read sensitive information on the system. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.2 build 20210122 on QSW-M2108-2C; versions prior to 1.0.2 build 20210122 on QSW-M2108-2S; versions prior to 1.0.2 build 20210122 on QSW-M2108R-2C.

Affected Version(s)

QSS QSW-M2108-2C < 1.0.2 build 20210122

QSS QSW-M2108-2S < 1.0.2 build 20210122

QSS QSW-M2108R-2C < 1.0.2 build 20210122

CVSS V3.1

Score: 3.1
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Qian Chen from Codesafe Team of Legendsec at Qi'anxin Group.