CVE-2021-28813

CRITICAL

QSW-M2116P-2T2S, QNAP switches - Info Disclosure

Title source: llm

Description

A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.We have already fixed this vulnerability in the following versions: QSW-M2116P-2T2S 1.0.6 build 210713 and later QGD-1600P: QuNetSwitch 1.0.6.1509 and later QGD-1602P: QuNetSwitch 1.0.6.1509 and later QGD-3014PT: QuNetSwitch 1.0.6.1519 and later

References (1)

[Vendor Advisory] https://www.qnap.com/en/security-advisory/qsa-21-37

Scores

CVSS v3 9.6

EPSS 0.0037

EPSS Percentile 58.8%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

Classification

CWE

CWE-522 CWE-259 CWE-798 CWE-922

Status published

Affected Products (2)

qnap/qsw-m2116p-2t2s_firmware < 1.0.6

qnap/qunetswitch < 1.0.6.1509

Timeline

Published Sep 10, 2021

Tracked Since Feb 18, 2026