安全ID : QSA-21-37
Insufficiently Protected Credentials in QSW-M2116P-2T2S and QuNetSwitch
发布日期 : September 10, 2021
通用漏洞披露 : CVE-2021-28813
受影响产品: QSW-M2116P-2T2S, QNAP switches running QuNetSwitch
严重程度
Important
状态
已解决
Summary
A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.
We have already fixed this vulnerability in the following versions:
- QSW-M2116P-2T2S 1.0.6 build 210713 and later
- QGD-1600P: QuNetSwitch 1.0.6.1509 and later
- QGD-1602P: QuNetSwitch 1.0.6.1509 and later
- QGD-3014PT: QuNetSwitch 1.0.6.1519 and later
Recommendation
To secure your device, we recommend regularly updating your system and applications to the latest versions to benefit from vulnerability fixes.
Updating QSW-M2116P-2T2S
- Log on to QSS.
- Go to System > Firmware Update > Live Update.
- Click Check for Update.
QSS checks for available firmware updates. - Click Update System.
A confirmation message appears. - Click Update.
- QSS downloads and installs the latest available update.
Tip: You can also download the update from the QNAP website. Go to Support > Download Center and then perform a manual update for your specific device.
Updating QuNetSwitch
- Log on to QTS as administrator.
- Open the App Center and then click
.
A search box appears. - Type “QuNetSwitch” and then press ENTER.
QuNetSwitch appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your QuNetSwitch is already up to date. - Click OK.
The application is updated.
修订历史: V1.0 (September 10, 2021) - Published