← Volver a CVEs
CVE-2021-28815
MEDIUM6.0
Descripcion
Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4.
Detalles CVE
Puntuacion CVSS v3.16.0
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosHIGH
Interaccion usuarioNONE
Publicado6/16/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
qnap:myqnapcloud_linkqnap:qtsqnap:quts_heroqnap:qutscloud
Debilidades (CWE)
CWE-922
Referencias
https://www.qnap.com/zh-tw/security-advisory/qsa-21-26(security@qnapsecurity.com.tw)
https://www.qnap.com/zh-tw/security-advisory/qsa-21-26(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.