Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for QSS by QNAP Systems Inc.

    CVE-2021-28805 (GCVE-0-2021-28805)

    Vulnerability from nvd – Published: 2021-06-11 06:35 – Updated: 2024-09-17 04:19
    VLAI
    Title
    Inclusion of Sensitive Information in QSS
    Summary
    Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read application data. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on QSW-M2108-2C; versions prior to 1.0.3 build 20210505 on QSW-M2108-2S; versions prior to 1.0.3 build 20210505 on QSW-M2108R-2C; versions prior to 1.0.12 build 20210506 on QSW-M408.
    CWE
    • CWE-540 - Information Exposure Through Source Code
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QSS Affected: unspecified , < 1.0.3 build 20210505 (custom)
    Create a notification for this product.
    QNAP Systems Inc. QSS Affected: unspecified , < 1.0.12 build 20210506 (custom)
    Create a notification for this product.
    Date Public
    2021-06-11 00:00
    Credits
    Jan Hoff
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:55:11.643Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-24"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "QSW-M2108-2C"
              ],
              "product": "QSS",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.0.3 build 20210505",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "QSW-M2108-2S"
              ],
              "product": "QSS",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.0.3 build 20210505",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "QSW-M2108R-2C"
              ],
              "product": "QSS",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.0.3 build 20210505",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "QSW-M408"
              ],
              "product": "QSS",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.0.12 build 20210506",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Jan Hoff"
            }
          ],
          "datePublic": "2021-06-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read application data. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on QSW-M2108-2C; versions prior to 1.0.3 build 20210505 on QSW-M2108-2S; versions prior to 1.0.3 build 20210505 on QSW-M2108R-2C; versions prior to 1.0.12 build 20210506 on QSW-M408."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-540",
                  "description": "CWE-540 Information Exposure Through Source Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-11T06:35:14.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-24"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "QNAP have already fixed this vulnerability in the following versions:\n\nQSW-M2108-2C: QSS 1.0.3 build 20210505 and later\nQSW-M2108-2S: QSS 1.0.3 build 20210505 and later\nQSW-M2108R-2C: QSS 1.0.3 build 20210505 and later\nQSW-M408: QSS 1.0.12 build 20210506 and later"
            }
          ],
          "source": {
            "advisory": "QSA-21-24",
            "discovery": "EXTERNAL"
          },
          "title": "Inclusion of Sensitive Information in QSS",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-06-11T06:01:00.000Z",
              "ID": "CVE-2021-28805",
              "STATE": "PUBLIC",
              "TITLE": "Inclusion of Sensitive Information in QSS"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QSS",
                          "version": {
                            "version_data": [
                              {
                                "platform": "QSW-M2108-2C",
                                "version_affected": "\u003c",
                                "version_value": "1.0.3 build 20210505"
                              },
                              {
                                "platform": "QSW-M2108-2S",
                                "version_affected": "\u003c",
                                "version_value": "1.0.3 build 20210505"
                              },
                              {
                                "platform": "QSW-M2108R-2C",
                                "version_affected": "\u003c",
                                "version_value": "1.0.3 build 20210505"
                              },
                              {
                                "platform": "QSW-M408",
                                "version_affected": "\u003c",
                                "version_value": "1.0.12 build 20210506"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Jan Hoff"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read application data. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on QSW-M2108-2C; versions prior to 1.0.3 build 20210505 on QSW-M2108-2S; versions prior to 1.0.3 build 20210505 on QSW-M2108R-2C; versions prior to 1.0.12 build 20210506 on QSW-M408."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-540 Information Exposure Through Source Code"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-24",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-24"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "QNAP have already fixed this vulnerability in the following versions:\n\nQSW-M2108-2C: QSS 1.0.3 build 20210505 and later\nQSW-M2108-2S: QSS 1.0.3 build 20210505 and later\nQSW-M2108R-2C: QSS 1.0.3 build 20210505 and later\nQSW-M408: QSS 1.0.12 build 20210506 and later"
              }
            ],
            "source": {
              "advisory": "QSA-21-24",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2021-28805",
        "datePublished": "2021-06-11T06:35:15.074Z",
        "dateReserved": "2021-03-18T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:19:06.268Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-28801 (GCVE-0-2021-28801)

    Vulnerability from nvd – Published: 2021-06-11 06:35 – Updated: 2024-09-17 00:06
    VLAI
    Title
    Out-of-Bounds Read Vulnerability in QSS
    Summary
    An out-of-bounds read vulnerability has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read sensitive information on the system. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.2 build 20210122 on QSW-M2108-2C; versions prior to 1.0.2 build 20210122 on QSW-M2108-2S; versions prior to 1.0.2 build 20210122 on QSW-M2108R-2C.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QSS Affected: unspecified , < 1.0.2 build 20210122 (custom)
    Create a notification for this product.
    Date Public
    2021-06-11 00:00
    Credits
    Qian Chen from Codesafe Team of Legendsec at Qi'anxin Group
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:55:11.777Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-23"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "QSW-M2108-2C"
              ],
              "product": "QSS",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.0.2 build 20210122",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "QSW-M2108-2S"
              ],
              "product": "QSS",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.0.2 build 20210122",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "QSW-M2108R-2C"
              ],
              "product": "QSS",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.0.2 build 20210122",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Qian Chen from Codesafe Team of Legendsec at Qi\u0027anxin Group"
            }
          ],
          "datePublic": "2021-06-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds read vulnerability has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read sensitive information on the system. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.2 build 20210122 on QSW-M2108-2C; versions prior to 1.0.2 build 20210122 on QSW-M2108-2S; versions prior to 1.0.2 build 20210122 on QSW-M2108R-2C."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-11T06:35:14.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-23"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "QNAP have already fixed this vulnerability in the following versions:\n\nQSW-M2108-2C: QSS 1.0.2 build 20210122 and later\nQSW-M2108-2S: QSS 1.0.2 build 20210122 and later\nQSW-M2108R-2C: QSS 1.0.2 build 20210122 and later"
            }
          ],
          "source": {
            "advisory": "QSA-21-23",
            "discovery": "EXTERNAL"
          },
          "title": "Out-of-Bounds Read Vulnerability in QSS",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-06-11T06:01:00.000Z",
              "ID": "CVE-2021-28801",
              "STATE": "PUBLIC",
              "TITLE": "Out-of-Bounds Read Vulnerability in QSS"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QSS",
                          "version": {
                            "version_data": [
                              {
                                "platform": "QSW-M2108-2C",
                                "version_affected": "\u003c",
                                "version_value": "1.0.2 build 20210122"
                              },
                              {
                                "platform": "QSW-M2108-2S",
                                "version_affected": "\u003c",
                                "version_value": "1.0.2 build 20210122"
                              },
                              {
                                "platform": "QSW-M2108R-2C",
                                "version_affected": "\u003c",
                                "version_value": "1.0.2 build 20210122"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Qian Chen from Codesafe Team of Legendsec at Qi\u0027anxin Group"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An out-of-bounds read vulnerability has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read sensitive information on the system. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.2 build 20210122 on QSW-M2108-2C; versions prior to 1.0.2 build 20210122 on QSW-M2108-2S; versions prior to 1.0.2 build 20210122 on QSW-M2108R-2C."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-125 Out-of-bounds Read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-23",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-23"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "QNAP have already fixed this vulnerability in the following versions:\n\nQSW-M2108-2C: QSS 1.0.2 build 20210122 and later\nQSW-M2108-2S: QSS 1.0.2 build 20210122 and later\nQSW-M2108R-2C: QSS 1.0.2 build 20210122 and later"
              }
            ],
            "source": {
              "advisory": "QSA-21-23",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2021-28801",
        "datePublished": "2021-06-11T06:35:14.369Z",
        "dateReserved": "2021-03-18T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:06:25.170Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-28805 (GCVE-0-2021-28805)

    Vulnerability from cvelistv5 – Published: 2021-06-11 06:35 – Updated: 2024-09-17 04:19
    VLAI
    Title
    Inclusion of Sensitive Information in QSS
    Summary
    Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read application data. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on QSW-M2108-2C; versions prior to 1.0.3 build 20210505 on QSW-M2108-2S; versions prior to 1.0.3 build 20210505 on QSW-M2108R-2C; versions prior to 1.0.12 build 20210506 on QSW-M408.
    CWE
    • CWE-540 - Information Exposure Through Source Code
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QSS Affected: unspecified , < 1.0.3 build 20210505 (custom)
    Create a notification for this product.
    QNAP Systems Inc. QSS Affected: unspecified , < 1.0.12 build 20210506 (custom)
    Create a notification for this product.
    Date Public
    2021-06-11 00:00
    Credits
    Jan Hoff
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:55:11.643Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-24"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "QSW-M2108-2C"
              ],
              "product": "QSS",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.0.3 build 20210505",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "QSW-M2108-2S"
              ],
              "product": "QSS",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.0.3 build 20210505",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "QSW-M2108R-2C"
              ],
              "product": "QSS",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.0.3 build 20210505",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "QSW-M408"
              ],
              "product": "QSS",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.0.12 build 20210506",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Jan Hoff"
            }
          ],
          "datePublic": "2021-06-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read application data. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on QSW-M2108-2C; versions prior to 1.0.3 build 20210505 on QSW-M2108-2S; versions prior to 1.0.3 build 20210505 on QSW-M2108R-2C; versions prior to 1.0.12 build 20210506 on QSW-M408."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-540",
                  "description": "CWE-540 Information Exposure Through Source Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-11T06:35:14.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-24"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "QNAP have already fixed this vulnerability in the following versions:\n\nQSW-M2108-2C: QSS 1.0.3 build 20210505 and later\nQSW-M2108-2S: QSS 1.0.3 build 20210505 and later\nQSW-M2108R-2C: QSS 1.0.3 build 20210505 and later\nQSW-M408: QSS 1.0.12 build 20210506 and later"
            }
          ],
          "source": {
            "advisory": "QSA-21-24",
            "discovery": "EXTERNAL"
          },
          "title": "Inclusion of Sensitive Information in QSS",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-06-11T06:01:00.000Z",
              "ID": "CVE-2021-28805",
              "STATE": "PUBLIC",
              "TITLE": "Inclusion of Sensitive Information in QSS"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QSS",
                          "version": {
                            "version_data": [
                              {
                                "platform": "QSW-M2108-2C",
                                "version_affected": "\u003c",
                                "version_value": "1.0.3 build 20210505"
                              },
                              {
                                "platform": "QSW-M2108-2S",
                                "version_affected": "\u003c",
                                "version_value": "1.0.3 build 20210505"
                              },
                              {
                                "platform": "QSW-M2108R-2C",
                                "version_affected": "\u003c",
                                "version_value": "1.0.3 build 20210505"
                              },
                              {
                                "platform": "QSW-M408",
                                "version_affected": "\u003c",
                                "version_value": "1.0.12 build 20210506"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Jan Hoff"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read application data. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on QSW-M2108-2C; versions prior to 1.0.3 build 20210505 on QSW-M2108-2S; versions prior to 1.0.3 build 20210505 on QSW-M2108R-2C; versions prior to 1.0.12 build 20210506 on QSW-M408."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-540 Information Exposure Through Source Code"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-24",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-24"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "QNAP have already fixed this vulnerability in the following versions:\n\nQSW-M2108-2C: QSS 1.0.3 build 20210505 and later\nQSW-M2108-2S: QSS 1.0.3 build 20210505 and later\nQSW-M2108R-2C: QSS 1.0.3 build 20210505 and later\nQSW-M408: QSS 1.0.12 build 20210506 and later"
              }
            ],
            "source": {
              "advisory": "QSA-21-24",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2021-28805",
        "datePublished": "2021-06-11T06:35:15.074Z",
        "dateReserved": "2021-03-18T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:19:06.268Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-28801 (GCVE-0-2021-28801)

    Vulnerability from cvelistv5 – Published: 2021-06-11 06:35 – Updated: 2024-09-17 00:06
    VLAI
    Title
    Out-of-Bounds Read Vulnerability in QSS
    Summary
    An out-of-bounds read vulnerability has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read sensitive information on the system. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.2 build 20210122 on QSW-M2108-2C; versions prior to 1.0.2 build 20210122 on QSW-M2108-2S; versions prior to 1.0.2 build 20210122 on QSW-M2108R-2C.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. QSS Affected: unspecified , < 1.0.2 build 20210122 (custom)
    Create a notification for this product.
    Date Public
    2021-06-11 00:00
    Credits
    Qian Chen from Codesafe Team of Legendsec at Qi'anxin Group
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:55:11.777Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-23"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "QSW-M2108-2C"
              ],
              "product": "QSS",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.0.2 build 20210122",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "QSW-M2108-2S"
              ],
              "product": "QSS",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.0.2 build 20210122",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "QSW-M2108R-2C"
              ],
              "product": "QSS",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "1.0.2 build 20210122",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Qian Chen from Codesafe Team of Legendsec at Qi\u0027anxin Group"
            }
          ],
          "datePublic": "2021-06-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds read vulnerability has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read sensitive information on the system. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.2 build 20210122 on QSW-M2108-2C; versions prior to 1.0.2 build 20210122 on QSW-M2108-2S; versions prior to 1.0.2 build 20210122 on QSW-M2108R-2C."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-11T06:35:14.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-23"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "QNAP have already fixed this vulnerability in the following versions:\n\nQSW-M2108-2C: QSS 1.0.2 build 20210122 and later\nQSW-M2108-2S: QSS 1.0.2 build 20210122 and later\nQSW-M2108R-2C: QSS 1.0.2 build 20210122 and later"
            }
          ],
          "source": {
            "advisory": "QSA-21-23",
            "discovery": "EXTERNAL"
          },
          "title": "Out-of-Bounds Read Vulnerability in QSS",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-06-11T06:01:00.000Z",
              "ID": "CVE-2021-28801",
              "STATE": "PUBLIC",
              "TITLE": "Out-of-Bounds Read Vulnerability in QSS"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QSS",
                          "version": {
                            "version_data": [
                              {
                                "platform": "QSW-M2108-2C",
                                "version_affected": "\u003c",
                                "version_value": "1.0.2 build 20210122"
                              },
                              {
                                "platform": "QSW-M2108-2S",
                                "version_affected": "\u003c",
                                "version_value": "1.0.2 build 20210122"
                              },
                              {
                                "platform": "QSW-M2108R-2C",
                                "version_affected": "\u003c",
                                "version_value": "1.0.2 build 20210122"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Qian Chen from Codesafe Team of Legendsec at Qi\u0027anxin Group"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An out-of-bounds read vulnerability has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read sensitive information on the system. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.2 build 20210122 on QSW-M2108-2C; versions prior to 1.0.2 build 20210122 on QSW-M2108-2S; versions prior to 1.0.2 build 20210122 on QSW-M2108R-2C."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-125 Out-of-bounds Read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-23",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-23"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "QNAP have already fixed this vulnerability in the following versions:\n\nQSW-M2108-2C: QSS 1.0.2 build 20210122 and later\nQSW-M2108-2S: QSS 1.0.2 build 20210122 and later\nQSW-M2108R-2C: QSS 1.0.2 build 20210122 and later"
              }
            ],
            "source": {
              "advisory": "QSA-21-23",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2021-28801",
        "datePublished": "2021-06-11T06:35:14.369Z",
        "dateReserved": "2021-03-18T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:06:25.170Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }