Search

安全ID : QSA-21-26

Insecure Storage of Sensitive Information in myQNAPcloud Link

  • 发布日期 : June 16, 2021

  • 通用漏洞披露 : CVE-2021-28815

  • 受影响产品: All QNAP NAS

严重程度

Moderate

状态

已解决

Summary

Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.


We have already fixed this vulnerability in the following versions of myQNAPcloud Link:


  • QTS 4.5.3: myQNAPcloud Link 2.2.21 and later
  • QuTS hero h4.5.2: myQNAPcloud Link 2.2.21 and later
  • QuTScloud c4.5.4: myQNAPcloud Link 2.2.21 and later

Recommendation

To fix the vulnerability, we recommend updating myQNAPcloud Link to the latest version.


Updating myQNAPcloud Link

  1. Log on to QTS or QuTS hero as administrator.
  2. Open the App Center and then click .
    A search box appears.
  3. Type “myQNAPcloud Link” and then press ENTER.
    myQNAPcloud Link appears in the search results.
  4. Click Update.
    A confirmation message appears.
    Note: The Update button is not available if your version is already up to date.
  5. Click OK.
    The application is updated.

致谢: CJ Fairhead

修订历史: V1.0 (June 16, 2021) - Published

选择规格

      显示更多 隐藏更多
      open menu
      back to top