GCVE - cpe:2.3:a:qnap_systems_inc.:qunetswitch:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:qnap_systems_inc.:qunetswitch:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Qnap Systems Inc. (`1f66ac1e-0889-51bf-b27f-24c7175e5920`)
Product	Qunetswitch (`59179c98-bb76-5699-aa91-db5d849eeb74`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-22902`	vulnerable	2026-06-03 15:15:54.331444	QuNetSwitch A command injection vulnerability has been reported to affect QuNetSwitch. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later Published: 2026-03-20T16:21:07.923Z Updated: 2026-03-25T14:05:39.936Z Open on db.gcve.eu Reference links https://www.qnap.com/en/security-advisory/qsa-26-11	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-22901`	vulnerable	2026-06-03 15:15:54.331083	QuNetSwitch A command injection vulnerability has been reported to affect QuNetSwitch. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later Published: 2026-03-20T16:21:19.890Z Updated: 2026-03-25T14:05:15.945Z Open on db.gcve.eu Reference links https://www.qnap.com/en/security-advisory/qsa-26-11	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-22900`	vulnerable	2026-06-03 15:15:54.330605	QuNetSwitch A use of hard-coded credentials vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to gain unauthorized access. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later Published: 2026-03-20T16:21:25.342Z Updated: 2026-03-25T14:04:41.325Z Open on db.gcve.eu Reference links https://www.qnap.com/en/security-advisory/qsa-26-11	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-22897`	vulnerable	2026-06-03 15:15:54.327329	QuNetSwitch A command injection vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.4.0415 and later Published: 2026-03-20T16:21:35.769Z Updated: 2026-03-25T14:03:53.117Z Open on db.gcve.eu Reference links https://www.qnap.com/en/security-advisory/qsa-26-11	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-28813`	vulnerable	2026-06-03 14:44:18.820978	Insufficiently Protected Credentials Vulnerability in QSW-M2116P-2T2S and QuNetSwitch CRITICAL (9.6) A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.We have already fixed this vulnerability in the following versions: QSW-M2116P-2T2S 1.0.6 build 210713 and later QGD-1600P: QuNetSwitch 1.0.6.1509 and later QGD-1602P: QuNetSwitch 1.0.6.1509 and later QGD-3014PT: QuNetSwitch 1.0.6.1519 and later Published: 2021-09-10T04:00:20.068Z Updated: 2024-09-17T00:21:02.142Z Open on db.gcve.eu Reference links https://www.qnap.com/en/security-advisory/qsa-21-37	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.