Search

Security ID : QSA-21-23

Out-of-Bounds Read Vulnerability in QSS

  • Release date : June 11, 2021

  • CVE identifier : CVE-2021-28801

  • Affected products: Certain QNAP Switches

Severity

Low

Status

Resolved

Summary

An out-of-bounds read vulnerability has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read sensitive information on the system.


We have already fixed this vulnerability in the following versions:


  • QSW-M2108-2C: QSS 1.0.2 build 20210122 and later
  • QSW-M2108-2S: QSS 1.0.2 build 20210122 and later
  • QSW-M2108R-2C: QSS 1.0.2 build 20210122 and later

Recommendation

To secure your device, we recommend regularly updating your system to the latest version to benefit from vulnerability fixes.


Updating QSS

  1. Log on to QSS.
  2. Go to System > Firmware Update > Live Update.
  3. Click Check for Update.
    QSS checks for available firmware updates.
  4. Click Update System.
    A confirmation message appears.
  5. Click Update.
    6. QSS downloads and installs the latest available update.

Tip: You can also download the update from the QNAP website. Go to Support > Download Center and then perform a manual update for your specific device.

Acknowledgements: Qian Chen from Codesafe Team of Legendsec at Qi'anxin Group

Revision History: V1.0 (June 11, 2021) - Published

Choose specification

      Show more Less

      Choose Your Country or Region

      open menu
      back to top