LOW✓ PATCH🇵🇱 Wersja polska

CVE-2021-28801

CVSS 3.1v3.1pub. 2021-06-11upd. 2024-11-21

An out-of-bounds read vulnerability has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read sensitive information on the system. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.2 build 20210122 on QSW-M2108-2C; versions prior to 1.0.2 build 20210122 on QSW-M2108-2S; versions prior to 1.0.2 build 20210122 on QSW-M2108R-2C.

CVSS Vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Qnap Qss

    APP
    Qnap
    < 1.0.2
  • Qnap Qsw M2108 2c

    HW
    Qnap
    wszystkie wersje
  • Qnap Qsw M2108 2s

    HW
    Qnap
    wszystkie wersje
  • Qnap Qsw M2108r 2c

    HW
    Qnap
    wszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2021-28805HIGH7.8ten sam produkt

Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches runnin...

CVE-2022-27593CRITICAL10.0⚠ KEVten sam vendor

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Ph...

CVE-2021-28799CRITICAL10.0⚠ KEVten sam vendor

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync...

CVE-2020-2509CRITICAL9.8⚠ KEVten sam vendor

A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerabil...

CVE-2018-19949CRITICAL9.8⚠ KEVten sam vendor

If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNA...