Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for myQNAPcloud Link by QNAP Systems Inc.

    CVE-2024-32764 (GCVE-0-2024-32764)

    Vulnerability from nvd – Published: 2024-04-26 15:00 – Updated: 2024-08-02 02:20
    VLAI
    Title
    myQNAPcloud Link
    Summary
    A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following version: myQNAPcloud Link 2.4.51 and later
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. myQNAPcloud Link Affected: 2.4.x , < 2.4.51 (custom)
    Create a notification for this product.
    qnap myqnapcloud_link Affected: 2.4 , < 2.4.51 (custom)
        cpe:2.3:a:qnap:myqnapcloud_link:2.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    ZDI-CAN-22457/22458: Team ECQ
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:qnap:myqnapcloud_link:2.4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "myqnapcloud_link",
                "vendor": "qnap",
                "versions": [
                  {
                    "lessThan": "2.4.51",
                    "status": "affected",
                    "version": "2.4",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-32764",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-03T17:31:11.291616Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:50:44.406Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:20:35.321Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-24-09"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "myQNAPcloud Link",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "2.4.51",
                  "status": "affected",
                  "version": "2.4.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "ZDI-CAN-22457/22458: Team ECQ"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following version:\u003cbr\u003emyQNAPcloud Link 2.4.51 and later\u003cbr\u003e"
                }
              ],
              "value": "A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network.\n\nWe have already fixed the vulnerability in the following version:\nmyQNAPcloud Link 2.4.51 and later\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-36",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-36"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306",
                  "lang": "en",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-346",
                  "description": "CWE-346",
                  "lang": "en",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-749",
                  "description": "CWE-749",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-26T15:00:51.334Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-24-09"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following version:\u003cbr\u003emyQNAPcloud Link 2.4.51 and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following version:\nmyQNAPcloud Link 2.4.51 and later\n"
            }
          ],
          "source": {
            "advisory": "QSA-24-09",
            "discovery": "EXTERNAL"
          },
          "title": "myQNAPcloud Link",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2024-32764",
        "datePublished": "2024-04-26T15:00:51.334Z",
        "dateReserved": "2024-04-18T08:14:16.553Z",
        "dateUpdated": "2024-08-02T02:20:35.321Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-28815 (GCVE-0-2021-28815)

    Vulnerability from nvd – Published: 2021-06-16 04:00 – Updated: 2024-09-17 01:16
    VLAI
    Title
    Insecure Storage of Sensitive Information in myQNAPcloud Link
    Summary
    Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4.
    CWE
    • CWE-922 - Insecure Storage of Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. myQNAPcloud Link Affected: unspecified , < 2.2.21 (custom)
    Create a notification for this product.
    Date Public
    2021-06-16 00:00
    Credits
    CJ Fairhead
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:55:11.489Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-26"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "QTS 4.5.3"
              ],
              "product": "myQNAPcloud Link",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "2.2.21",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "QuTS hero h4.5.2"
              ],
              "product": "myQNAPcloud Link",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "2.2.21",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "QuTScloud c4.5.4"
              ],
              "product": "myQNAPcloud Link",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "2.2.21",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "CJ Fairhead"
            }
          ],
          "datePublic": "2021-06-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-922",
                  "description": "CWE-922 Insecure Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-16T04:00:11.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-26"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "QNAP have already fixed this vulnerability in the following versions of myQNAPcloud Link:\n\nQTS 4.5.3: myQNAPcloud Link 2.2.21 and later\nQuTS hero h4.5.2: myQNAPcloud Link 2.2.21 and later\nQuTScloud c4.5.4: myQNAPcloud Link 2.2.21 and later"
            }
          ],
          "source": {
            "advisory": "QSA-21-26",
            "discovery": "EXTERNAL"
          },
          "title": "Insecure Storage of Sensitive Information in myQNAPcloud Link",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-06-16T00:32:00.000Z",
              "ID": "CVE-2021-28815",
              "STATE": "PUBLIC",
              "TITLE": "Insecure Storage of Sensitive Information in myQNAPcloud Link"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "myQNAPcloud Link",
                          "version": {
                            "version_data": [
                              {
                                "platform": "QTS 4.5.3",
                                "version_affected": "\u003c",
                                "version_value": "2.2.21"
                              },
                              {
                                "platform": "QuTS hero h4.5.2",
                                "version_affected": "\u003c",
                                "version_value": "2.2.21"
                              },
                              {
                                "platform": "QuTScloud c4.5.4",
                                "version_affected": "\u003c",
                                "version_value": "2.2.21"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "CJ Fairhead"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-922 Insecure Storage of Sensitive Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-26",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-26"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "QNAP have already fixed this vulnerability in the following versions of myQNAPcloud Link:\n\nQTS 4.5.3: myQNAPcloud Link 2.2.21 and later\nQuTS hero h4.5.2: myQNAPcloud Link 2.2.21 and later\nQuTScloud c4.5.4: myQNAPcloud Link 2.2.21 and later"
              }
            ],
            "source": {
              "advisory": "QSA-21-26",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2021-28815",
        "datePublished": "2021-06-16T04:00:11.639Z",
        "dateReserved": "2021-03-18T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:16:56.461Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-32764 (GCVE-0-2024-32764)

    Vulnerability from cvelistv5 – Published: 2024-04-26 15:00 – Updated: 2024-08-02 02:20
    VLAI
    Title
    myQNAPcloud Link
    Summary
    A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following version: myQNAPcloud Link 2.4.51 and later
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. myQNAPcloud Link Affected: 2.4.x , < 2.4.51 (custom)
    Create a notification for this product.
    qnap myqnapcloud_link Affected: 2.4 , < 2.4.51 (custom)
        cpe:2.3:a:qnap:myqnapcloud_link:2.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    ZDI-CAN-22457/22458: Team ECQ
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:qnap:myqnapcloud_link:2.4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "myqnapcloud_link",
                "vendor": "qnap",
                "versions": [
                  {
                    "lessThan": "2.4.51",
                    "status": "affected",
                    "version": "2.4",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-32764",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-03T17:31:11.291616Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:50:44.406Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:20:35.321Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/en/security-advisory/qsa-24-09"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "myQNAPcloud Link",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "2.4.51",
                  "status": "affected",
                  "version": "2.4.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "ZDI-CAN-22457/22458: Team ECQ"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following version:\u003cbr\u003emyQNAPcloud Link 2.4.51 and later\u003cbr\u003e"
                }
              ],
              "value": "A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network.\n\nWe have already fixed the vulnerability in the following version:\nmyQNAPcloud Link 2.4.51 and later\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-36",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-36"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306",
                  "lang": "en",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-346",
                  "description": "CWE-346",
                  "lang": "en",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-749",
                  "description": "CWE-749",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-26T15:00:51.334Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "url": "https://www.qnap.com/en/security-advisory/qsa-24-09"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "We have already fixed the vulnerability in the following version:\u003cbr\u003emyQNAPcloud Link 2.4.51 and later\u003cbr\u003e"
                }
              ],
              "value": "We have already fixed the vulnerability in the following version:\nmyQNAPcloud Link 2.4.51 and later\n"
            }
          ],
          "source": {
            "advisory": "QSA-24-09",
            "discovery": "EXTERNAL"
          },
          "title": "myQNAPcloud Link",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2024-32764",
        "datePublished": "2024-04-26T15:00:51.334Z",
        "dateReserved": "2024-04-18T08:14:16.553Z",
        "dateUpdated": "2024-08-02T02:20:35.321Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-28815 (GCVE-0-2021-28815)

    Vulnerability from cvelistv5 – Published: 2021-06-16 04:00 – Updated: 2024-09-17 01:16
    VLAI
    Title
    Insecure Storage of Sensitive Information in myQNAPcloud Link
    Summary
    Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4.
    CWE
    • CWE-922 - Insecure Storage of Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Systems Inc. myQNAPcloud Link Affected: unspecified , < 2.2.21 (custom)
    Create a notification for this product.
    Date Public
    2021-06-16 00:00
    Credits
    CJ Fairhead
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:55:11.489Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-26"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "QTS 4.5.3"
              ],
              "product": "myQNAPcloud Link",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "2.2.21",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "QuTS hero h4.5.2"
              ],
              "product": "myQNAPcloud Link",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "2.2.21",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "QuTScloud c4.5.4"
              ],
              "product": "myQNAPcloud Link",
              "vendor": "QNAP Systems Inc.",
              "versions": [
                {
                  "lessThan": "2.2.21",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "CJ Fairhead"
            }
          ],
          "datePublic": "2021-06-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-922",
                  "description": "CWE-922 Insecure Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-16T04:00:11.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-26"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "QNAP have already fixed this vulnerability in the following versions of myQNAPcloud Link:\n\nQTS 4.5.3: myQNAPcloud Link 2.2.21 and later\nQuTS hero h4.5.2: myQNAPcloud Link 2.2.21 and later\nQuTScloud c4.5.4: myQNAPcloud Link 2.2.21 and later"
            }
          ],
          "source": {
            "advisory": "QSA-21-26",
            "discovery": "EXTERNAL"
          },
          "title": "Insecure Storage of Sensitive Information in myQNAPcloud Link",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2021-06-16T00:32:00.000Z",
              "ID": "CVE-2021-28815",
              "STATE": "PUBLIC",
              "TITLE": "Insecure Storage of Sensitive Information in myQNAPcloud Link"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "myQNAPcloud Link",
                          "version": {
                            "version_data": [
                              {
                                "platform": "QTS 4.5.3",
                                "version_affected": "\u003c",
                                "version_value": "2.2.21"
                              },
                              {
                                "platform": "QuTS hero h4.5.2",
                                "version_affected": "\u003c",
                                "version_value": "2.2.21"
                              },
                              {
                                "platform": "QuTScloud c4.5.4",
                                "version_affected": "\u003c",
                                "version_value": "2.2.21"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP Systems Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "CJ Fairhead"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-922 Insecure Storage of Sensitive Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-26",
                  "refsource": "MISC",
                  "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-26"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "QNAP have already fixed this vulnerability in the following versions of myQNAPcloud Link:\n\nQTS 4.5.3: myQNAPcloud Link 2.2.21 and later\nQuTS hero h4.5.2: myQNAPcloud Link 2.2.21 and later\nQuTScloud c4.5.4: myQNAPcloud Link 2.2.21 and later"
              }
            ],
            "source": {
              "advisory": "QSA-21-26",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2021-28815",
        "datePublished": "2021-06-16T04:00:11.639Z",
        "dateReserved": "2021-03-18T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:16:56.461Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }