CVE-2021-28810 — HIGH (7.5)

Q: How severe is CVE-2021-28810?

CVE-2021-28810 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-28810?

Check the references section above for vendor advisories and patch information. Affected products include: Qnap Roon Server.

Vulnerability Description

If exploited, this vulnerability allows an attacker to access resources which are not otherwise accessible without proper authentication. Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Qnap	Roon Server	< 2021-05-18

Related Weaknesses (CWE)

CWE-290

References

https://www.qnap.com/zh-tw/security-advisory/qsa-21-17Vendor Advisory
https://www.qnap.com/zh-tw/security-advisory/qsa-21-17Vendor Advisory

FAQ

What is CVE-2021-28810?

CVE-2021-28810 is a vulnerability with a CVSS score of 7.5 (HIGH). If exploited, this vulnerability allows an attacker to access resources which are not otherwise accessible without proper authentication. Roon Labs has already fixed this vulnerability in the followin...

How severe is CVE-2021-28810?

CVE-2021-28810 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-28810?

Check the references section above for vendor advisories and patch information. Affected products include: Qnap Roon Server.