
QNAP Security Advisory Bulletin ID: QSA-21-23, QSA-21-24 and QSA-21-25

Concerning an out-of-bounds read vulnerability in QSS, inclusion of sensitive information in QSS, and an improper access control vulnerability in Helpdesk

QNAP Systems, Inc. has published security enhancements against vulnerabilities that could affect specific versions of the company's products.

Use the following information and solutions to correct the security issues and vulnerabilities.

The advisory includes the following:

Out-of-bounds read vulnerability in QSS
Release date: June 11, 2021
Security ID: QSA-21-23
Severity: Low
CVE identifier: CVE-2021-28801
Affected products: Certain QNAP switches

Summary
An out-of-bounds read vulnerability has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read sensitive information on the system.

The company has already fixed this vulnerability in the following versions:
QSW-M2108-2C: QSS 1.0.2 build 20210122 and later
QSW-M2108-2S: QSS 1.0.2 build 20210122 and later
QSW-M2108R-2C: QSS 1.0.2 build 20210122 and later

Inclusion of sensitive information in QSS
Release date: June 11, 2021
Security ID: QSA-21-24
Severity: High
CVE identifier: CVE-2021-28805
Affected products: Certain QNAP switches

Summary
Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read application data.

The company has already fixed this vulnerability in the following versions:
QSW-M2108-2C: QSS 1.0.3 build 20210505 and later
QSW-M2108-2S: QSS 1.0.3 build 20210505 and later
QSW-M2108R-2C: QSS 1.0.3 build 20210505 and later
QSW-M408: QSS 1.0.12 build 20210506 and later

Improper access control vulnerability in Helpdesk
Release date: June 11, 2021
Security ID: QSA-21-25
Severity: High
CVE identifier: CVE-2021-28814
Affected products: All QNAP NAS

Summary
An improper access control vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows remote attackers to compromise the security of the software.

The company has already fixed this issue in Helpdesk 3.0.4 and later versions.
