Vulnerability Description
Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qnap | Myqnapcloud Link | < 2.2.21 |
| Qnap | Qts | 4.5.3 |
| Qnap | Quts Hero | h4.5.2 |
| Qnap | Qutscloud | c4.5.4 |
Related Weaknesses (CWE)
References
- https://www.qnap.com/zh-tw/security-advisory/qsa-21-26Vendor Advisory
- https://www.qnap.com/zh-tw/security-advisory/qsa-21-26Vendor Advisory
FAQ
What is CVE-2021-28815?
CVE-2021-28815 is a vulnerability with a CVSS score of 6.0 (MEDIUM). Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by acces...
How severe is CVE-2021-28815?
CVE-2021-28815 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-28815?
Check the references section above for vendor advisories and patch information. Affected products include: Qnap Myqnapcloud Link, Qnap Qts, Qnap Quts Hero, Qnap Qutscloud.