Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for Personal Cloud Storage T2 by Lenovo

    CVE-2021-42852 (GCVE-0-2021-42852)

    Vulnerability from nvd – Published: 2022-05-18 16:10 – Updated: 2024-08-04 03:38
    VLAI
    Summary
    A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device.
    CWE
    • CWE-78 - OS Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Personal Cloud Storage A1 Affected: unspecified , < 5.3.6.a1 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage T1 Affected: unspecified , < 5.3.6.t1 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage X1 Affected: unspecified , < 5.3.8.x1 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage T2 Affected: unspecified , < 5.3.8.t2 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage T2Pro Affected: unspecified , < 5.3.7.t2-pro (custom)
    Create a notification for this product.
    Credits
    Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:38:50.310Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Personal Cloud Storage A1",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.6.a1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage T1",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.6.t1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage X1",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.8.x1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage T2",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.8.t2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage T2Pro",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.7.t2-pro",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-18T16:10:34.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table in LEN-73439."
            }
          ],
          "source": {
            "advisory": "LEN-73439",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2021-42852",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Personal Cloud Storage A1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.6.a1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage T1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.6.t1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage X1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.8.x1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage T2",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.8.t2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage T2Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.7.t2-pro"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-78 OS Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://iknow.lenovo.com.cn/detail/dc_200017.html",
                  "refsource": "MISC",
                  "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table in LEN-73439."
              }
            ],
            "source": {
              "advisory": "LEN-73439",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2021-42852",
        "datePublished": "2022-05-18T16:10:34.000Z",
        "dateReserved": "2021-10-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T03:38:50.310Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42851 (GCVE-0-2021-42851)

    Vulnerability from nvd – Published: 2022-05-18 16:10 – Updated: 2024-08-04 03:38
    VLAI
    Summary
    A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Personal Cloud Storage A1 Affected: unspecified , < 5.3.6.a1 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage T1 Affected: unspecified , < 5.3.6.t1 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage X1 Affected: unspecified , < 5.3.8.x1 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage T2 Affected: unspecified , < 5.3.8.t2 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage T2Pro Affected: unspecified , < 5.3.7.t2-pro (custom)
    Create a notification for this product.
    Credits
    Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:38:50.248Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Personal Cloud Storage A1",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.6.a1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage T1",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.6.t1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage X1",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.8.x1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage T2",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.8.t2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage T2Pro",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.7.t2-pro",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-18T16:10:32.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table in LEN-73439."
            }
          ],
          "source": {
            "advisory": "LEN-73439",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2021-42851",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Personal Cloud Storage A1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.6.a1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage T1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.6.t1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage X1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.8.x1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage T2",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.8.t2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage T2Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.7.t2-pro"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-862 Missing Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://iknow.lenovo.com.cn/detail/dc_200017.html",
                  "refsource": "MISC",
                  "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table in LEN-73439."
              }
            ],
            "source": {
              "advisory": "LEN-73439",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2021-42851",
        "datePublished": "2022-05-18T16:10:32.000Z",
        "dateReserved": "2021-10-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T03:38:50.248Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42850 (GCVE-0-2021-42850)

    Vulnerability from nvd – Published: 2022-05-18 16:10 – Updated: 2024-08-04 03:38
    VLAI
    Summary
    A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access.
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Personal Cloud Storage A1 Affected: unspecified , < 5.3.6.a1 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage T1 Affected: unspecified , < 5.3.6.t1 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage X1 Affected: unspecified , < 5.3.8.x1 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage T2 Affected: unspecified , < 5.3.8.t2 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage T2Pro Affected: unspecified , < 5.3.7.t2-pro (custom)
    Create a notification for this product.
    Credits
    Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:38:50.139Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Personal Cloud Storage A1",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.6.a1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage T1",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.6.t1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage X1",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.8.x1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage T2",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.8.t2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage T2Pro",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.7.t2-pro",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-18T16:10:30.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table  in LEN-73439."
            }
          ],
          "source": {
            "advisory": "LEN-73439",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2021-42850",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Personal Cloud Storage A1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.6.a1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage T1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.6.t1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage X1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.8.x1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage T2",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.8.t2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage T2Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.7.t2-pro"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-798 Use of Hard-coded Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://iknow.lenovo.com.cn/detail/dc_200017.html",
                  "refsource": "MISC",
                  "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table  in LEN-73439."
              }
            ],
            "source": {
              "advisory": "LEN-73439",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2021-42850",
        "datePublished": "2022-05-18T16:10:30.000Z",
        "dateReserved": "2021-10-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T03:38:50.139Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42849 (GCVE-0-2021-42849)

    Vulnerability from nvd – Published: 2022-05-18 16:10 – Updated: 2024-08-04 03:38
    VLAI
    Summary
    A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access.
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Personal Cloud Storage A1 Affected: unspecified , < 5.3.6.a1 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage T1 Affected: unspecified , < 5.3.6.t1 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage X1 Affected: unspecified , < 5.3.8.x1 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage T2 Affected: unspecified , < 5.3.8.t2 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage T2Pro Affected: unspecified , < 5.3.7.t2-pro (custom)
    Create a notification for this product.
    Credits
    Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:38:50.219Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Personal Cloud Storage A1",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.6.a1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage T1",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.6.t1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage X1",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.8.x1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage T2",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.8.t2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage T2Pro",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.7.t2-pro",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-18T16:10:28.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table  in LEN-73439."
            }
          ],
          "source": {
            "advisory": "LEN-73439",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2021-42849",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Personal Cloud Storage A1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.6.a1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage T1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.6.t1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage X1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.8.x1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage T2",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.8.t2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage T2Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.7.t2-pro"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-798 Use of Hard-coded Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://iknow.lenovo.com.cn/detail/dc_200017.html",
                  "refsource": "MISC",
                  "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table  in LEN-73439."
              }
            ],
            "source": {
              "advisory": "LEN-73439",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2021-42849",
        "datePublished": "2022-05-18T16:10:28.000Z",
        "dateReserved": "2021-10-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T03:38:50.219Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42848 (GCVE-0-2021-42848)

    Vulnerability from nvd – Published: 2022-05-18 16:10 – Updated: 2024-08-04 03:38
    VLAI
    Summary
    An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Personal Cloud Storage A1 Affected: unspecified , < 5.3.6.a1 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage T1 Affected: unspecified , < 5.3.6.t1 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage X1 Affected: unspecified , < 5.3.8.x1 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage T2 Affected: unspecified , < 5.3.8.t2 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage T2Pro Affected: unspecified , < 5.3.7.t2-pro (custom)
    Create a notification for this product.
    Credits
    Lenovo thanks Kais and KT of 360 Vulcan Team for reporting these issues.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:38:50.160Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Personal Cloud Storage A1",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.6.a1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage T1",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.6.t1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage X1",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.8.x1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage T2",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.8.t2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage T2Pro",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.7.t2-pro",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting these issues."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-18T16:10:27.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table  in LEN-73439."
            }
          ],
          "source": {
            "advisory": "LEN-73439",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2021-42848",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Personal Cloud Storage A1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.6.a1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage T1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.6.t1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage X1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.8.x1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage T2",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.8.t2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage T2Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.7.t2-pro"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting these issues."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-862 Missing Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://iknow.lenovo.com.cn/detail/dc_200017.html",
                  "refsource": "MISC",
                  "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table  in LEN-73439."
              }
            ],
            "source": {
              "advisory": "LEN-73439",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2021-42848",
        "datePublished": "2022-05-18T16:10:27.000Z",
        "dateReserved": "2021-10-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T03:38:50.160Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42852 (GCVE-0-2021-42852)

    Vulnerability from cvelistv5 – Published: 2022-05-18 16:10 – Updated: 2024-08-04 03:38
    VLAI
    Summary
    A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device.
    CWE
    • CWE-78 - OS Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Personal Cloud Storage A1 Affected: unspecified , < 5.3.6.a1 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage T1 Affected: unspecified , < 5.3.6.t1 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage X1 Affected: unspecified , < 5.3.8.x1 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage T2 Affected: unspecified , < 5.3.8.t2 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage T2Pro Affected: unspecified , < 5.3.7.t2-pro (custom)
    Create a notification for this product.
    Credits
    Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:38:50.310Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Personal Cloud Storage A1",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.6.a1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage T1",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.6.t1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage X1",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.8.x1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage T2",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.8.t2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage T2Pro",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.7.t2-pro",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-18T16:10:34.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table in LEN-73439."
            }
          ],
          "source": {
            "advisory": "LEN-73439",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2021-42852",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Personal Cloud Storage A1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.6.a1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage T1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.6.t1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage X1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.8.x1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage T2",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.8.t2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage T2Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.7.t2-pro"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-78 OS Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://iknow.lenovo.com.cn/detail/dc_200017.html",
                  "refsource": "MISC",
                  "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table in LEN-73439."
              }
            ],
            "source": {
              "advisory": "LEN-73439",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2021-42852",
        "datePublished": "2022-05-18T16:10:34.000Z",
        "dateReserved": "2021-10-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T03:38:50.310Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42851 (GCVE-0-2021-42851)

    Vulnerability from cvelistv5 – Published: 2022-05-18 16:10 – Updated: 2024-08-04 03:38
    VLAI
    Summary
    A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Personal Cloud Storage A1 Affected: unspecified , < 5.3.6.a1 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage T1 Affected: unspecified , < 5.3.6.t1 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage X1 Affected: unspecified , < 5.3.8.x1 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage T2 Affected: unspecified , < 5.3.8.t2 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage T2Pro Affected: unspecified , < 5.3.7.t2-pro (custom)
    Create a notification for this product.
    Credits
    Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:38:50.248Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Personal Cloud Storage A1",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.6.a1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage T1",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.6.t1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage X1",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.8.x1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage T2",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.8.t2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage T2Pro",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.7.t2-pro",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-18T16:10:32.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table in LEN-73439."
            }
          ],
          "source": {
            "advisory": "LEN-73439",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2021-42851",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Personal Cloud Storage A1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.6.a1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage T1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.6.t1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage X1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.8.x1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage T2",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.8.t2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage T2Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.7.t2-pro"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-862 Missing Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://iknow.lenovo.com.cn/detail/dc_200017.html",
                  "refsource": "MISC",
                  "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table in LEN-73439."
              }
            ],
            "source": {
              "advisory": "LEN-73439",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2021-42851",
        "datePublished": "2022-05-18T16:10:32.000Z",
        "dateReserved": "2021-10-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T03:38:50.248Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42850 (GCVE-0-2021-42850)

    Vulnerability from cvelistv5 – Published: 2022-05-18 16:10 – Updated: 2024-08-04 03:38
    VLAI
    Summary
    A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access.
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Personal Cloud Storage A1 Affected: unspecified , < 5.3.6.a1 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage T1 Affected: unspecified , < 5.3.6.t1 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage X1 Affected: unspecified , < 5.3.8.x1 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage T2 Affected: unspecified , < 5.3.8.t2 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage T2Pro Affected: unspecified , < 5.3.7.t2-pro (custom)
    Create a notification for this product.
    Credits
    Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:38:50.139Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Personal Cloud Storage A1",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.6.a1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage T1",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.6.t1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage X1",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.8.x1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage T2",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.8.t2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage T2Pro",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.7.t2-pro",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-18T16:10:30.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table  in LEN-73439."
            }
          ],
          "source": {
            "advisory": "LEN-73439",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2021-42850",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Personal Cloud Storage A1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.6.a1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage T1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.6.t1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage X1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.8.x1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage T2",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.8.t2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage T2Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.7.t2-pro"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-798 Use of Hard-coded Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://iknow.lenovo.com.cn/detail/dc_200017.html",
                  "refsource": "MISC",
                  "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table  in LEN-73439."
              }
            ],
            "source": {
              "advisory": "LEN-73439",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2021-42850",
        "datePublished": "2022-05-18T16:10:30.000Z",
        "dateReserved": "2021-10-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T03:38:50.139Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42849 (GCVE-0-2021-42849)

    Vulnerability from cvelistv5 – Published: 2022-05-18 16:10 – Updated: 2024-08-04 03:38
    VLAI
    Summary
    A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access.
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Personal Cloud Storage A1 Affected: unspecified , < 5.3.6.a1 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage T1 Affected: unspecified , < 5.3.6.t1 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage X1 Affected: unspecified , < 5.3.8.x1 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage T2 Affected: unspecified , < 5.3.8.t2 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage T2Pro Affected: unspecified , < 5.3.7.t2-pro (custom)
    Create a notification for this product.
    Credits
    Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:38:50.219Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Personal Cloud Storage A1",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.6.a1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage T1",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.6.t1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage X1",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.8.x1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage T2",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.8.t2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage T2Pro",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.7.t2-pro",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-18T16:10:28.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table  in LEN-73439."
            }
          ],
          "source": {
            "advisory": "LEN-73439",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2021-42849",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Personal Cloud Storage A1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.6.a1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage T1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.6.t1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage X1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.8.x1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage T2",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.8.t2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage T2Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.7.t2-pro"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-798 Use of Hard-coded Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://iknow.lenovo.com.cn/detail/dc_200017.html",
                  "refsource": "MISC",
                  "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table  in LEN-73439."
              }
            ],
            "source": {
              "advisory": "LEN-73439",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2021-42849",
        "datePublished": "2022-05-18T16:10:28.000Z",
        "dateReserved": "2021-10-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T03:38:50.219Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42848 (GCVE-0-2021-42848)

    Vulnerability from cvelistv5 – Published: 2022-05-18 16:10 – Updated: 2024-08-04 03:38
    VLAI
    Summary
    An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Personal Cloud Storage A1 Affected: unspecified , < 5.3.6.a1 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage T1 Affected: unspecified , < 5.3.6.t1 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage X1 Affected: unspecified , < 5.3.8.x1 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage T2 Affected: unspecified , < 5.3.8.t2 (custom)
    Create a notification for this product.
    Lenovo Personal Cloud Storage T2Pro Affected: unspecified , < 5.3.7.t2-pro (custom)
    Create a notification for this product.
    Credits
    Lenovo thanks Kais and KT of 360 Vulcan Team for reporting these issues.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:38:50.160Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Personal Cloud Storage A1",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.6.a1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage T1",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.6.t1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage X1",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.8.x1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage T2",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.8.t2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Personal Cloud Storage T2Pro",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.3.7.t2-pro",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting these issues."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-18T16:10:27.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table  in LEN-73439."
            }
          ],
          "source": {
            "advisory": "LEN-73439",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2021-42848",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Personal Cloud Storage A1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.6.a1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage T1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.6.t1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage X1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.8.x1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage T2",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.8.t2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Personal Cloud Storage T2Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.7.t2-pro"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting these issues."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-862 Missing Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://iknow.lenovo.com.cn/detail/dc_200017.html",
                  "refsource": "MISC",
                  "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table  in LEN-73439."
              }
            ],
            "source": {
              "advisory": "LEN-73439",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2021-42848",
        "datePublished": "2022-05-18T16:10:27.000Z",
        "dateReserved": "2021-10-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T03:38:50.160Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }