CVE-2021-28813 : Security Advisory and Response

A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. The vulnerability has been assigned a CVSS base score of 9.6, indicating critical severity. QNAP Systems Inc. has released patches for the affected products.

Understanding CVE-2021-28813

CVE-2021-28813 is a vulnerability in QSW-M2116P-2T2S and QuNetSwitch devices that could allow remote attackers to access sensitive information due to insecure storage mechanisms.

What is CVE-2021-28813?

CVE-2021-28813 is an insufficiently protected credentials vulnerability that affects QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. The vulnerability could be exploited by remote attackers to read sensitive information.

The Impact of CVE-2021-28813

The impact of CVE-2021-28813 is critical, with a CVSS base score of 9.6. If successfully exploited, remote attackers can access sensitive information stored on the affected devices.

Technical Details of CVE-2021-28813

The vulnerability involves insecure storage of sensitive information in the affected QSW-M2116P-2T2S and QuNetSwitch devices. Remote attackers can leverage this to read sensitive data.

Vulnerability Description

The vulnerability allows remote attackers to access sensitive information through an unrestricted storage mechanism in QSW-M2116P-2T2S and QuNetSwitch devices.

Affected Systems and Versions

QSW-M2116P-2T2S: Version less than 1.0.6 build 210713
QGD-1600P: QuNetSwitch version less than 1.0.6.1509
QGD-1602P: QuNetSwitch version less than 1.0.6.1509
QGD-3014PT: QuNetSwitch version less than 1.0.6.1519

Exploitation Mechanism

Remote attackers exploit the vulnerability by remotely accessing the unrestricted storage mechanism on the affected devices.

Mitigation and Prevention

To protect your systems from CVE-2021-28813, immediate steps need to be taken to apply patches and updates released by QNAP Systems Inc. for the affected products.

Immediate Steps to Take

Ensure that the firmware is updated to the patched versions:

QSW-M2116P-2T2S: 1.0.6 build 210713 and later
QGD-1600P: QuNetSwitch 1.0.6.1509 and later
QGD-1602P: QuNetSwitch 1.0.6.1509 and later
QGD-3014PT: QuNetSwitch 1.0.6.1519 and later

Long-Term Security Practices

Implement regular security updates and follow best practices to secure your devices and networks against potential vulnerabilities.

Patching and Updates

Regularly check for security advisories from QNAP Systems Inc. and apply relevant patches and updates to protect your systems from known vulnerabilities.