CVE-2021-28815

Published: Jun 16, 2021Modified: Nov 21, 2024

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4.

Affected (1)

Products: Qnap: Myqnapcloud Link

1 product

Myqnapcloud Link

Configuration A

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Qnap Myqnapcloud Link	Before 2.2.21

Running on/with	Platform Versions
Qnap Qts	Version 4.5.3
Qnap Quts Hero	Version h4.5.2
Qnap Qutscloud	Version c4.5.4

Related CWEs

Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

References (2)

https://www.qnap.com/zh-tw/security-advisory/qsa-21-26

Source: security@qnapsecurity.com.tw

Vendor Advisory

https://www.qnap.com/zh-tw/security-advisory/qsa-21-26

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.