CVE-2021-28815 MEDIUM

CVE-2021-28815: Insecure Storage of Sensitive Information in myQNAPcloud Link

Vendor Qnap Systems Inc.
Product myQNAPcloud Link
Weakness CWE-922
Published June 16, 2021
Last update September 17, 2024

CVSS base score

6.0/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4.

Key dates

02Disclosure timeline

June 16, 2021 CVE published
September 17, 2024 Record updated