{"containers":{"cna":{"affected":[{"platforms":["QSW-M2108-2C"],"product":"QSS","vendor":"QNAP Systems Inc.","versions":[{"lessThan":"1.0.2 build 20210122","status":"affected","version":"unspecified","versionType":"custom"}]},{"platforms":["QSW-M2108-2S"],"product":"QSS","vendor":"QNAP Systems Inc.","versions":[{"lessThan":"1.0.2 build 20210122","status":"affected","version":"unspecified","versionType":"custom"}]},{"platforms":["QSW-M2108R-2C"],"product":"QSS","vendor":"QNAP Systems Inc.","versions":[{"lessThan":"1.0.2 build 20210122","status":"affected","version":"unspecified","versionType":"custom"}]}],"credits":[{"lang":"en","value":"Qian Chen from Codesafe Team of Legendsec at Qi'anxin Group"}],"datePublic":"2021-06-11T00:00:00.000Z","descriptions":[{"lang":"en","value":"An out-of-bounds read vulnerability has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read sensitive information on the system. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.2 build 20210122 on QSW-M2108-2C; versions prior to 1.0.2 build 20210122 on QSW-M2108-2S; versions prior to 1.0.2 build 20210122 on QSW-M2108R-2C."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"ADJACENT_NETWORK","availabilityImpact":"NONE","baseScore":3.1,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-125","description":"CWE-125 Out-of-bounds Read","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2021-06-11T06:35:14.000Z","orgId":"2fd009eb-170a-4625-932b-17a53af1051f","shortName":"qnap"},"references":[{"tags":["x_refsource_MISC"],"url":"https://www.qnap.com/zh-tw/security-advisory/qsa-21-23"}],"solutions":[{"lang":"en","value":"QNAP have already fixed this vulnerability in the following versions:\n\nQSW-M2108-2C: QSS 1.0.2 build 20210122 and later\nQSW-M2108-2S: QSS 1.0.2 build 20210122 and later\nQSW-M2108R-2C: QSS 1.0.2 build 20210122 and later"}],"source":{"advisory":"QSA-21-23","discovery":"EXTERNAL"},"title":"Out-of-Bounds Read Vulnerability in QSS","x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@qnap.com","DATE_PUBLIC":"2021-06-11T06:01:00.000Z","ID":"CVE-2021-28801","STATE":"PUBLIC","TITLE":"Out-of-Bounds Read Vulnerability in QSS"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"QSS","version":{"version_data":[{"platform":"QSW-M2108-2C","version_affected":"<","version_value":"1.0.2 build 20210122"},{"platform":"QSW-M2108-2S","version_affected":"<","version_value":"1.0.2 build 20210122"},{"platform":"QSW-M2108R-2C","version_affected":"<","version_value":"1.0.2 build 20210122"}]}}]},"vendor_name":"QNAP Systems Inc."}]}},"credit":[{"lang":"eng","value":"Qian Chen from Codesafe Team of Legendsec at Qi'anxin Group"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An out-of-bounds read vulnerability has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read sensitive information on the system. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.2 build 20210122 on QSW-M2108-2C; versions prior to 1.0.2 build 20210122 on QSW-M2108-2S; versions prior to 1.0.2 build 20210122 on QSW-M2108R-2C."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"HIGH","attackVector":"ADJACENT_NETWORK","availabilityImpact":"NONE","baseScore":3.1,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-125 Out-of-bounds Read"}]}]},"references":{"reference_data":[{"name":"https://www.qnap.com/zh-tw/security-advisory/qsa-21-23","refsource":"MISC","url":"https://www.qnap.com/zh-tw/security-advisory/qsa-21-23"}]},"solution":[{"lang":"en","value":"QNAP have already fixed this vulnerability in the following versions:\n\nQSW-M2108-2C: QSS 1.0.2 build 20210122 and later\nQSW-M2108-2S: QSS 1.0.2 build 20210122 and later\nQSW-M2108R-2C: QSS 1.0.2 build 20210122 and later"}],"source":{"advisory":"QSA-21-23","discovery":"EXTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T21:55:11.777Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.qnap.com/zh-tw/security-advisory/qsa-21-23"}]}]},"cveMetadata":{"assignerOrgId":"2fd009eb-170a-4625-932b-17a53af1051f","assignerShortName":"qnap","cveId":"CVE-2021-28801","datePublished":"2021-06-11T06:35:14.369Z","dateReserved":"2021-03-18T00:00:00.000Z","dateUpdated":"2024-09-17T00:06:25.170Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}