{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T17:36:07.100","vulnerabilities":[{"cve":{"id":"CVE-2021-28801","sourceIdentifier":"security@qnapsecurity.com.tw","published":"2021-06-11T07:15:06.490","lastModified":"2024-11-21T06:00:13.787","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An out-of-bounds read vulnerability has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read sensitive information on the system. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.2 build 20210122 on QSW-M2108-2C; versions prior to 1.0.2 build 20210122 on QSW-M2108-2S; versions prior to 1.0.2 build 20210122 on QSW-M2108R-2C."},{"lang":"es","value":"Se ha reportado una vulnerabilidad de lectura fuera de límites que afecta a determinados switches de QNAP que ejecutan QSS. Si es explotada, esta vulnerabilidad permite a atacantes leer información confidencial en el sistema. Este problema afecta: QNAP Systems Inc. versiones de QSS versiones anteriores a 1.0.2 build 20210122 en QSW-M2108-2C; versiones anteriores a 1.0.2 build 20210122 en QSW-M2108-2S; versiones anteriores a 1.0.2 build 20210122 en QSW-M2108R-2C"}],"metrics":{"cvssMetricV31":[{"source":"security@qnapsecurity.com.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security@qnapsecurity.com.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:qnap:qss:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.2","matchCriteriaId":"DEF245FB-7B7B-4050-8261-3EFB2E3D8F15"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qnap:qsw-m2108-2c:-:*:*:*:*:*:*:*","matchCriteriaId":"A690794E-3F9B-47DA-A365-E8F100C730E2"},{"vulnerable":false,"criteria":"cpe:2.3:h:qnap:qsw-m2108-2s:-:*:*:*:*:*:*:*","matchCriteriaId":"21692724-A864-4CEB-898C-4E6691C403C1"},{"vulnerable":false,"criteria":"cpe:2.3:h:qnap:qsw-m2108r-2c:-:*:*:*:*:*:*:*","matchCriteriaId":"37F5E9FC-2CE2-473F-81C1-676BCCFFBD3D"}]}]}],"references":[{"url":"https://www.qnap.com/zh-tw/security-advisory/qsa-21-23","source":"security@qnapsecurity.com.tw","tags":["Vendor Advisory"]},{"url":"https://www.qnap.com/zh-tw/security-advisory/qsa-21-23","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}