Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for lenovoemc_firmware by lenovo

    CVE-2018-9077 (GCVE-0-2018-9077)

    Vulnerability from nvd – Published: 2018-09-28 20:00 – Updated: 2024-08-05 07:17
    VLAI
    Title
    Iomega and LenovoEMC NAS Web UI Vulnerabilities
    Summary
    For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.
    Severity
    No CVSS data available.
    CWE
    • Arbitrary Command Execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Group LTD Iomega StorCenter Affected: 4.1.402.34662 , ≤ 4.1.402.34662 (custom)
    Create a notification for this product.
    Lenovo Group LTD LenovoEMC Affected: 4.1.402.34662 , ≤ 4.1.402.34662 (custom)
    Create a notification for this product.
    Lenovo Group LTD EZ Media and Backup Center Affected: 4.1.402.34662 , ≤ 4.1.402.34662 (custom)
    Create a notification for this product.
    Date Public
    2018-09-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:17:50.598Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Iomega StorCenter",
              "vendor": "Lenovo Group LTD",
              "versions": [
                {
                  "lessThanOrEqual": "4.1.402.34662",
                  "status": "affected",
                  "version": "4.1.402.34662",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "LenovoEMC",
              "vendor": "Lenovo Group LTD",
              "versions": [
                {
                  "lessThanOrEqual": "4.1.402.34662",
                  "status": "affected",
                  "version": "4.1.402.34662",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "EZ Media and Backup Center",
              "vendor": "Lenovo Group LTD",
              "versions": [
                {
                  "lessThanOrEqual": "4.1.402.34662",
                  "status": "affected",
                  "version": "4.1.402.34662",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-09-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick \"``\" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary Command Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-28T19:57:01.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
            }
          ],
          "source": {
            "advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
            "discovery": "UNKNOWN"
          },
          "title": "Iomega and LenovoEMC NAS Web UI Vulnerabilities",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2018-9077",
              "STATE": "PUBLIC",
              "TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Iomega StorCenter",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "4.1.402.34662",
                                "version_value": "4.1.402.34662"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "LenovoEMC",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "4.1.402.34662",
                                "version_value": "4.1.402.34662"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "EZ Media and Backup Center",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "4.1.402.34662",
                                "version_value": "4.1.402.34662"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo Group LTD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick \"``\" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbitrary Command Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/solutions/LEN-24224",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
                }
              ]
            },
            "source": {
              "advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2018-9077",
        "datePublished": "2018-09-28T20:00:00.000Z",
        "dateReserved": "2018-03-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:17:50.598Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-9076 (GCVE-0-2018-9076)

    Vulnerability from nvd – Published: 2018-09-28 20:00 – Updated: 2024-08-05 07:17
    VLAI
    Title
    Iomega and LenovoEMC NAS Web UI Vulnerabilities
    Summary
    For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.
    Severity
    No CVSS data available.
    CWE
    • Arbitrary Command Execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Group LTD Iomega StorCenter Affected: 4.1.402.34662 , ≤ 4.1.402.34662 (custom)
    Create a notification for this product.
    Lenovo Group LTD LenovoEMC Affected: 4.1.402.34662 , ≤ 4.1.402.34662 (custom)
    Create a notification for this product.
    Lenovo Group LTD EZ Media and Backup Center Affected: 4.1.402.34662 , ≤ 4.1.402.34662 (custom)
    Create a notification for this product.
    Date Public
    2018-09-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:17:50.595Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Iomega StorCenter",
              "vendor": "Lenovo Group LTD",
              "versions": [
                {
                  "lessThanOrEqual": "4.1.402.34662",
                  "status": "affected",
                  "version": "4.1.402.34662",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "LenovoEMC",
              "vendor": "Lenovo Group LTD",
              "versions": [
                {
                  "lessThanOrEqual": "4.1.402.34662",
                  "status": "affected",
                  "version": "4.1.402.34662",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "EZ Media and Backup Center",
              "vendor": "Lenovo Group LTD",
              "versions": [
                {
                  "lessThanOrEqual": "4.1.402.34662",
                  "status": "affected",
                  "version": "4.1.402.34662",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-09-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick \"``\" characters in the name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary Command Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-28T19:57:01.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
            }
          ],
          "source": {
            "advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
            "discovery": "UNKNOWN"
          },
          "title": "Iomega and LenovoEMC NAS Web UI Vulnerabilities",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2018-9076",
              "STATE": "PUBLIC",
              "TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Iomega StorCenter",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "4.1.402.34662",
                                "version_value": "4.1.402.34662"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "LenovoEMC",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "4.1.402.34662",
                                "version_value": "4.1.402.34662"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "EZ Media and Backup Center",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "4.1.402.34662",
                                "version_value": "4.1.402.34662"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo Group LTD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick \"``\" characters in the name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbitrary Command Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/solutions/LEN-24224",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
                }
              ]
            },
            "source": {
              "advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2018-9076",
        "datePublished": "2018-09-28T20:00:00.000Z",
        "dateReserved": "2018-03-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:17:50.595Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-9075 (GCVE-0-2018-9075)

    Vulnerability from nvd – Published: 2018-09-28 20:00 – Updated: 2024-08-05 07:17
    VLAI
    Title
    Iomega and LenovoEMC NAS Web UI Vulnerabilities
    Summary
    For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.
    Severity
    No CVSS data available.
    CWE
    • Arbitrary Command Execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Group LTD Iomega StorCenter Affected: 4.1.402.34662 , ≤ 4.1.402.34662 (custom)
    Create a notification for this product.
    Lenovo Group LTD LenovoEMC Affected: 4.1.402.34662 , ≤ 4.1.402.34662 (custom)
    Create a notification for this product.
    Lenovo Group LTD EZ Media and Backup Center Affected: 4.1.402.34662 , ≤ 4.1.402.34662 (custom)
    Create a notification for this product.
    Date Public
    2018-09-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:17:50.367Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Iomega StorCenter",
              "vendor": "Lenovo Group LTD",
              "versions": [
                {
                  "lessThanOrEqual": "4.1.402.34662",
                  "status": "affected",
                  "version": "4.1.402.34662",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "LenovoEMC",
              "vendor": "Lenovo Group LTD",
              "versions": [
                {
                  "lessThanOrEqual": "4.1.402.34662",
                  "status": "affected",
                  "version": "4.1.402.34662",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "EZ Media and Backup Center",
              "vendor": "Lenovo Group LTD",
              "versions": [
                {
                  "lessThanOrEqual": "4.1.402.34662",
                  "status": "affected",
                  "version": "4.1.402.34662",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-09-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick \"``\" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary Command Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-28T19:57:01.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
            }
          ],
          "source": {
            "advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
            "discovery": "UNKNOWN"
          },
          "title": "Iomega and LenovoEMC NAS Web UI Vulnerabilities",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2018-9075",
              "STATE": "PUBLIC",
              "TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Iomega StorCenter",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "4.1.402.34662",
                                "version_value": "4.1.402.34662"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "LenovoEMC",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "4.1.402.34662",
                                "version_value": "4.1.402.34662"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "EZ Media and Backup Center",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "4.1.402.34662",
                                "version_value": "4.1.402.34662"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo Group LTD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick \"``\" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbitrary Command Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/solutions/LEN-24224",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
                }
              ]
            },
            "source": {
              "advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2018-9075",
        "datePublished": "2018-09-28T20:00:00.000Z",
        "dateReserved": "2018-03-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:17:50.367Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-9074 (GCVE-0-2018-9074)

    Vulnerability from nvd – Published: 2018-09-28 20:00 – Updated: 2024-08-05 07:17
    VLAI
    Title
    Iomega and LenovoEMC NAS Web UI Vulnerabilities
    Summary
    For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device's operating system as the root user.
    Severity
    No CVSS data available.
    CWE
    • Path traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Group LTD Iomega StorCenter Affected: 4.1.402.34662 , ≤ 4.1.402.34662 (custom)
    Create a notification for this product.
    Lenovo Group LTD LenovoEMC Affected: 4.1.402.34662 , ≤ 4.1.402.34662 (custom)
    Create a notification for this product.
    Lenovo Group LTD EZ Media and Backup Center Affected: 4.1.402.34662 , ≤ 4.1.402.34662 (custom)
    Create a notification for this product.
    Date Public
    2018-09-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:17:50.355Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Iomega StorCenter",
              "vendor": "Lenovo Group LTD",
              "versions": [
                {
                  "lessThanOrEqual": "4.1.402.34662",
                  "status": "affected",
                  "version": "4.1.402.34662",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "LenovoEMC",
              "vendor": "Lenovo Group LTD",
              "versions": [
                {
                  "lessThanOrEqual": "4.1.402.34662",
                  "status": "affected",
                  "version": "4.1.402.34662",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "EZ Media and Backup Center",
              "vendor": "Lenovo Group LTD",
              "versions": [
                {
                  "lessThanOrEqual": "4.1.402.34662",
                  "status": "affected",
                  "version": "4.1.402.34662",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-09-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device\u0027s operating system as the root user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Path traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-28T19:57:01.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
            }
          ],
          "source": {
            "advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
            "discovery": "UNKNOWN"
          },
          "title": "Iomega and LenovoEMC NAS Web UI Vulnerabilities",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2018-9074",
              "STATE": "PUBLIC",
              "TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Iomega StorCenter",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "4.1.402.34662",
                                "version_value": "4.1.402.34662"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "LenovoEMC",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "4.1.402.34662",
                                "version_value": "4.1.402.34662"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "EZ Media and Backup Center",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "4.1.402.34662",
                                "version_value": "4.1.402.34662"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo Group LTD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device\u0027s operating system as the root user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Path traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/solutions/LEN-24224",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
                }
              ]
            },
            "source": {
              "advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2018-9074",
        "datePublished": "2018-09-28T20:00:00.000Z",
        "dateReserved": "2018-03-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:17:50.355Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-9074 (GCVE-0-2018-9074)

    Vulnerability from cvelistv5 – Published: 2018-09-28 20:00 – Updated: 2024-08-05 07:17
    VLAI
    Title
    Iomega and LenovoEMC NAS Web UI Vulnerabilities
    Summary
    For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device's operating system as the root user.
    Severity
    No CVSS data available.
    CWE
    • Path traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Group LTD Iomega StorCenter Affected: 4.1.402.34662 , ≤ 4.1.402.34662 (custom)
    Create a notification for this product.
    Lenovo Group LTD LenovoEMC Affected: 4.1.402.34662 , ≤ 4.1.402.34662 (custom)
    Create a notification for this product.
    Lenovo Group LTD EZ Media and Backup Center Affected: 4.1.402.34662 , ≤ 4.1.402.34662 (custom)
    Create a notification for this product.
    Date Public
    2018-09-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:17:50.355Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Iomega StorCenter",
              "vendor": "Lenovo Group LTD",
              "versions": [
                {
                  "lessThanOrEqual": "4.1.402.34662",
                  "status": "affected",
                  "version": "4.1.402.34662",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "LenovoEMC",
              "vendor": "Lenovo Group LTD",
              "versions": [
                {
                  "lessThanOrEqual": "4.1.402.34662",
                  "status": "affected",
                  "version": "4.1.402.34662",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "EZ Media and Backup Center",
              "vendor": "Lenovo Group LTD",
              "versions": [
                {
                  "lessThanOrEqual": "4.1.402.34662",
                  "status": "affected",
                  "version": "4.1.402.34662",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-09-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device\u0027s operating system as the root user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Path traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-28T19:57:01.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
            }
          ],
          "source": {
            "advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
            "discovery": "UNKNOWN"
          },
          "title": "Iomega and LenovoEMC NAS Web UI Vulnerabilities",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2018-9074",
              "STATE": "PUBLIC",
              "TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Iomega StorCenter",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "4.1.402.34662",
                                "version_value": "4.1.402.34662"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "LenovoEMC",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "4.1.402.34662",
                                "version_value": "4.1.402.34662"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "EZ Media and Backup Center",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "4.1.402.34662",
                                "version_value": "4.1.402.34662"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo Group LTD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device\u0027s operating system as the root user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Path traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/solutions/LEN-24224",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
                }
              ]
            },
            "source": {
              "advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2018-9074",
        "datePublished": "2018-09-28T20:00:00.000Z",
        "dateReserved": "2018-03-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:17:50.355Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-9077 (GCVE-0-2018-9077)

    Vulnerability from cvelistv5 – Published: 2018-09-28 20:00 – Updated: 2024-08-05 07:17
    VLAI
    Title
    Iomega and LenovoEMC NAS Web UI Vulnerabilities
    Summary
    For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.
    Severity
    No CVSS data available.
    CWE
    • Arbitrary Command Execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Group LTD Iomega StorCenter Affected: 4.1.402.34662 , ≤ 4.1.402.34662 (custom)
    Create a notification for this product.
    Lenovo Group LTD LenovoEMC Affected: 4.1.402.34662 , ≤ 4.1.402.34662 (custom)
    Create a notification for this product.
    Lenovo Group LTD EZ Media and Backup Center Affected: 4.1.402.34662 , ≤ 4.1.402.34662 (custom)
    Create a notification for this product.
    Date Public
    2018-09-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:17:50.598Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Iomega StorCenter",
              "vendor": "Lenovo Group LTD",
              "versions": [
                {
                  "lessThanOrEqual": "4.1.402.34662",
                  "status": "affected",
                  "version": "4.1.402.34662",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "LenovoEMC",
              "vendor": "Lenovo Group LTD",
              "versions": [
                {
                  "lessThanOrEqual": "4.1.402.34662",
                  "status": "affected",
                  "version": "4.1.402.34662",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "EZ Media and Backup Center",
              "vendor": "Lenovo Group LTD",
              "versions": [
                {
                  "lessThanOrEqual": "4.1.402.34662",
                  "status": "affected",
                  "version": "4.1.402.34662",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-09-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick \"``\" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary Command Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-28T19:57:01.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
            }
          ],
          "source": {
            "advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
            "discovery": "UNKNOWN"
          },
          "title": "Iomega and LenovoEMC NAS Web UI Vulnerabilities",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2018-9077",
              "STATE": "PUBLIC",
              "TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Iomega StorCenter",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "4.1.402.34662",
                                "version_value": "4.1.402.34662"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "LenovoEMC",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "4.1.402.34662",
                                "version_value": "4.1.402.34662"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "EZ Media and Backup Center",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "4.1.402.34662",
                                "version_value": "4.1.402.34662"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo Group LTD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick \"``\" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbitrary Command Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/solutions/LEN-24224",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
                }
              ]
            },
            "source": {
              "advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2018-9077",
        "datePublished": "2018-09-28T20:00:00.000Z",
        "dateReserved": "2018-03-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:17:50.598Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-9075 (GCVE-0-2018-9075)

    Vulnerability from cvelistv5 – Published: 2018-09-28 20:00 – Updated: 2024-08-05 07:17
    VLAI
    Title
    Iomega and LenovoEMC NAS Web UI Vulnerabilities
    Summary
    For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.
    Severity
    No CVSS data available.
    CWE
    • Arbitrary Command Execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Group LTD Iomega StorCenter Affected: 4.1.402.34662 , ≤ 4.1.402.34662 (custom)
    Create a notification for this product.
    Lenovo Group LTD LenovoEMC Affected: 4.1.402.34662 , ≤ 4.1.402.34662 (custom)
    Create a notification for this product.
    Lenovo Group LTD EZ Media and Backup Center Affected: 4.1.402.34662 , ≤ 4.1.402.34662 (custom)
    Create a notification for this product.
    Date Public
    2018-09-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:17:50.367Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Iomega StorCenter",
              "vendor": "Lenovo Group LTD",
              "versions": [
                {
                  "lessThanOrEqual": "4.1.402.34662",
                  "status": "affected",
                  "version": "4.1.402.34662",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "LenovoEMC",
              "vendor": "Lenovo Group LTD",
              "versions": [
                {
                  "lessThanOrEqual": "4.1.402.34662",
                  "status": "affected",
                  "version": "4.1.402.34662",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "EZ Media and Backup Center",
              "vendor": "Lenovo Group LTD",
              "versions": [
                {
                  "lessThanOrEqual": "4.1.402.34662",
                  "status": "affected",
                  "version": "4.1.402.34662",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-09-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick \"``\" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary Command Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-28T19:57:01.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
            }
          ],
          "source": {
            "advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
            "discovery": "UNKNOWN"
          },
          "title": "Iomega and LenovoEMC NAS Web UI Vulnerabilities",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2018-9075",
              "STATE": "PUBLIC",
              "TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Iomega StorCenter",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "4.1.402.34662",
                                "version_value": "4.1.402.34662"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "LenovoEMC",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "4.1.402.34662",
                                "version_value": "4.1.402.34662"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "EZ Media and Backup Center",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "4.1.402.34662",
                                "version_value": "4.1.402.34662"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo Group LTD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick \"``\" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbitrary Command Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/solutions/LEN-24224",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
                }
              ]
            },
            "source": {
              "advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2018-9075",
        "datePublished": "2018-09-28T20:00:00.000Z",
        "dateReserved": "2018-03-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:17:50.367Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-9076 (GCVE-0-2018-9076)

    Vulnerability from cvelistv5 – Published: 2018-09-28 20:00 – Updated: 2024-08-05 07:17
    VLAI
    Title
    Iomega and LenovoEMC NAS Web UI Vulnerabilities
    Summary
    For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.
    Severity
    No CVSS data available.
    CWE
    • Arbitrary Command Execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Group LTD Iomega StorCenter Affected: 4.1.402.34662 , ≤ 4.1.402.34662 (custom)
    Create a notification for this product.
    Lenovo Group LTD LenovoEMC Affected: 4.1.402.34662 , ≤ 4.1.402.34662 (custom)
    Create a notification for this product.
    Lenovo Group LTD EZ Media and Backup Center Affected: 4.1.402.34662 , ≤ 4.1.402.34662 (custom)
    Create a notification for this product.
    Date Public
    2018-09-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:17:50.595Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Iomega StorCenter",
              "vendor": "Lenovo Group LTD",
              "versions": [
                {
                  "lessThanOrEqual": "4.1.402.34662",
                  "status": "affected",
                  "version": "4.1.402.34662",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "LenovoEMC",
              "vendor": "Lenovo Group LTD",
              "versions": [
                {
                  "lessThanOrEqual": "4.1.402.34662",
                  "status": "affected",
                  "version": "4.1.402.34662",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "EZ Media and Backup Center",
              "vendor": "Lenovo Group LTD",
              "versions": [
                {
                  "lessThanOrEqual": "4.1.402.34662",
                  "status": "affected",
                  "version": "4.1.402.34662",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-09-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick \"``\" characters in the name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary Command Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-28T19:57:01.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
            }
          ],
          "source": {
            "advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
            "discovery": "UNKNOWN"
          },
          "title": "Iomega and LenovoEMC NAS Web UI Vulnerabilities",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2018-9076",
              "STATE": "PUBLIC",
              "TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Iomega StorCenter",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "4.1.402.34662",
                                "version_value": "4.1.402.34662"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "LenovoEMC",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "4.1.402.34662",
                                "version_value": "4.1.402.34662"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "EZ Media and Backup Center",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_name": "4.1.402.34662",
                                "version_value": "4.1.402.34662"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo Group LTD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick \"``\" characters in the name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbitrary Command Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/solutions/LEN-24224",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
                }
              ]
            },
            "source": {
              "advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2018-9076",
        "datePublished": "2018-09-28T20:00:00.000Z",
        "dateReserved": "2018-03-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:17:50.595Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }