Security ID : QSA-21-37
Insufficiently Protected Credentials in QSW-M2116P-2T2S and QuNetSwitch
Release date : September 10, 2021
CVE identifier : CVE-2021-28813
Affected products: QSW-M2116P-2T2S, QNAP switches running QuNetSwitch
Severity
Important
Status
Resolved
Summary
A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.
We have already fixed this vulnerability in the following versions:
- QSW-M2116P-2T2S 1.0.6 build 210713 and later
- QGD-1600P: QuNetSwitch 1.0.6.1509 and later
- QGD-1602P: QuNetSwitch 1.0.6.1509 and later
- QGD-3014PT: QuNetSwitch 1.0.6.1519 and later
Recommendation
To secure your device, we recommend regularly updating your system and applications to the latest versions to benefit from vulnerability fixes.
Updating QSW-M2116P-2T2S
- Log on to QSS.
- Go to System > Firmware Update > Live Update.
- Click Check for Update.
QSS checks for available firmware updates. - Click Update System.
A confirmation message appears. - Click Update.
- QSS downloads and installs the latest available update.
Tip: You can also download the update from the QNAP website. Go to Support > Download Center and then perform a manual update for your specific device.
Updating QuNetSwitch
- Log on to QTS as administrator.
- Open the App Center and then click
.
A search box appears. - Type “QuNetSwitch” and then press ENTER.
QuNetSwitch appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your QuNetSwitch is already up to date. - Click OK.
The application is updated.
Revision History: V1.0 (September 10, 2021) - Published
