Security ID : QSA-21-26
Insecure Storage of Sensitive Information in myQNAPcloud Link
Release date : June 16, 2021
CVE identifier : CVE-2021-28815
Affected products: All QNAP NAS
Severity : Moderate
Status : Resolved
Summary
Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.
We have already fixed this vulnerability in the following versions of myQNAPcloud Link:
- QTS 4.5.3: myQNAPcloud Link 2.2.21 and later
- QuTS hero h4.5.2: myQNAPcloud Link 2.2.21 and later
- QuTScloud c4.5.4: myQNAPcloud Link 2.2.21 and later
Recommendation
To fix the vulnerability, we recommend updating myQNAPcloud Link to the latest version.
Updating myQNAPcloud Link
- Log on to QTS or QuTS hero as administrator.
- Open the App Center and then click .
  A search box appears.
- Type “myQNAPcloud Link” and then press ENTER.
  myQNAPcloud Link appears in the search results.
- Click Update.
  A confirmation message appears.
  Note: The Update button is not available if your version is already up to date.
- Click OK.
  The application is updated.
Acknowledgements: CJ Fairhead
Revision History: V1.0 (June 16, 2021) - Published