Insufficiently Protected Credentials Vulnerability in QSW-M2116P-2T2S and QuNetSwitch
CVE-2021-28813

9.6CRITICAL

Key Information:

Vendor: QNAP
Status: Qsw-m2116p-2t2s; Qunetswitch
Vendor: CVE Published:; 10 September 2021

What is CVE-2021-28813?

A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.We have already fixed this vulnerability in the following versions: QSW-M2116P-2T2S 1.0.6 build 210713 and later QGD-1600P: QuNetSwitch 1.0.6.1509 and later QGD-1602P: QuNetSwitch 1.0.6.1509 and later QGD-3014PT: QuNetSwitch 1.0.6.1519 and later

Affected Version(s)

QSW-M2116P-2T2S < 1.0.6 build 210713

QuNetSwitch QGD-1600P < 1.0.6.1509

QuNetSwitch QGD-1602P < 1.0.6.1509

References

https://www.qnap.com/en/security-advisory/qsa-21-37

x_refsource_MISC

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 10, 2021
Vulnerability Reserved
Mar 18, 2021

CVE-2021-28813 Data

JSON