Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities found for t2pro_firmware by lenovo
CVE-2021-42852 (GCVE-0-2021-42852)
Vulnerability from nvd – Published: 2022-05-18 16:10 – Updated: 2024-08-04 03:38
VLAI?
Summary
A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device.
Severity ?
CWE
- CWE-78 - OS Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Lenovo | Personal Cloud Storage A1 |
Affected:
unspecified , < 5.3.6.a1
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Personal Cloud Storage A1",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.6.a1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage T1",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.6.t1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage X1",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.8.x1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage T2",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.8.t2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage T2Pro",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.7.t2-pro",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-18T16:10:34.000Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table in LEN-73439."
}
],
"source": {
"advisory": "LEN-73439",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2021-42852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Personal Cloud Storage A1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.6.a1"
}
]
}
},
{
"product_name": "Personal Cloud Storage T1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.6.t1"
}
]
}
},
{
"product_name": "Personal Cloud Storage X1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.8.x1"
}
]
}
},
{
"product_name": "Personal Cloud Storage T2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.8.t2"
}
]
}
},
{
"product_name": "Personal Cloud Storage T2Pro",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.7.t2-pro"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://iknow.lenovo.com.cn/detail/dc_200017.html",
"refsource": "MISC",
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table in LEN-73439."
}
],
"source": {
"advisory": "LEN-73439",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2021-42852",
"datePublished": "2022-05-18T16:10:34.000Z",
"dateReserved": "2021-10-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:38:50.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42851 (GCVE-0-2021-42851)
Vulnerability from nvd – Published: 2022-05-18 16:10 – Updated: 2024-08-04 03:38
VLAI?
Summary
A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account.
Severity ?
6.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Lenovo | Personal Cloud Storage A1 |
Affected:
unspecified , < 5.3.6.a1
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Personal Cloud Storage A1",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.6.a1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage T1",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.6.t1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage X1",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.8.x1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage T2",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.8.t2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage T2Pro",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.7.t2-pro",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-18T16:10:32.000Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table in LEN-73439."
}
],
"source": {
"advisory": "LEN-73439",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2021-42851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Personal Cloud Storage A1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.6.a1"
}
]
}
},
{
"product_name": "Personal Cloud Storage T1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.6.t1"
}
]
}
},
{
"product_name": "Personal Cloud Storage X1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.8.x1"
}
]
}
},
{
"product_name": "Personal Cloud Storage T2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.8.t2"
}
]
}
},
{
"product_name": "Personal Cloud Storage T2Pro",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.7.t2-pro"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://iknow.lenovo.com.cn/detail/dc_200017.html",
"refsource": "MISC",
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table in LEN-73439."
}
],
"source": {
"advisory": "LEN-73439",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2021-42851",
"datePublished": "2022-05-18T16:10:32.000Z",
"dateReserved": "2021-10-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:38:50.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42850 (GCVE-0-2021-42850)
Vulnerability from nvd – Published: 2022-05-18 16:10 – Updated: 2024-08-04 03:38
VLAI?
Summary
A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access.
Severity ?
8.8 (High)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Lenovo | Personal Cloud Storage A1 |
Affected:
unspecified , < 5.3.6.a1
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Personal Cloud Storage A1",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.6.a1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage T1",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.6.t1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage X1",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.8.x1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage T2",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.8.t2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage T2Pro",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.7.t2-pro",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-18T16:10:30.000Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table in LEN-73439."
}
],
"source": {
"advisory": "LEN-73439",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2021-42850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Personal Cloud Storage A1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.6.a1"
}
]
}
},
{
"product_name": "Personal Cloud Storage T1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.6.t1"
}
]
}
},
{
"product_name": "Personal Cloud Storage X1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.8.x1"
}
]
}
},
{
"product_name": "Personal Cloud Storage T2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.8.t2"
}
]
}
},
{
"product_name": "Personal Cloud Storage T2Pro",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.7.t2-pro"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://iknow.lenovo.com.cn/detail/dc_200017.html",
"refsource": "MISC",
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table in LEN-73439."
}
],
"source": {
"advisory": "LEN-73439",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2021-42850",
"datePublished": "2022-05-18T16:10:30.000Z",
"dateReserved": "2021-10-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:38:50.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42849 (GCVE-0-2021-42849)
Vulnerability from nvd – Published: 2022-05-18 16:10 – Updated: 2024-08-04 03:38
VLAI?
Summary
A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access.
Severity ?
6.8 (Medium)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Lenovo | Personal Cloud Storage A1 |
Affected:
unspecified , < 5.3.6.a1
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Personal Cloud Storage A1",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.6.a1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage T1",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.6.t1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage X1",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.8.x1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage T2",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.8.t2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage T2Pro",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.7.t2-pro",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-18T16:10:28.000Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table in LEN-73439."
}
],
"source": {
"advisory": "LEN-73439",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2021-42849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Personal Cloud Storage A1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.6.a1"
}
]
}
},
{
"product_name": "Personal Cloud Storage T1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.6.t1"
}
]
}
},
{
"product_name": "Personal Cloud Storage X1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.8.x1"
}
]
}
},
{
"product_name": "Personal Cloud Storage T2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.8.t2"
}
]
}
},
{
"product_name": "Personal Cloud Storage T2Pro",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.7.t2-pro"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://iknow.lenovo.com.cn/detail/dc_200017.html",
"refsource": "MISC",
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table in LEN-73439."
}
],
"source": {
"advisory": "LEN-73439",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2021-42849",
"datePublished": "2022-05-18T16:10:28.000Z",
"dateReserved": "2021-10-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:38:50.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42848 (GCVE-0-2021-42848)
Vulnerability from nvd – Published: 2022-05-18 16:10 – Updated: 2024-08-04 03:38
VLAI?
Summary
An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Lenovo | Personal Cloud Storage A1 |
Affected:
unspecified , < 5.3.6.a1
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Personal Cloud Storage A1",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.6.a1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage T1",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.6.t1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage X1",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.8.x1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage T2",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.8.t2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage T2Pro",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.7.t2-pro",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting these issues."
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-18T16:10:27.000Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table in LEN-73439."
}
],
"source": {
"advisory": "LEN-73439",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2021-42848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Personal Cloud Storage A1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.6.a1"
}
]
}
},
{
"product_name": "Personal Cloud Storage T1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.6.t1"
}
]
}
},
{
"product_name": "Personal Cloud Storage X1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.8.x1"
}
]
}
},
{
"product_name": "Personal Cloud Storage T2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.8.t2"
}
]
}
},
{
"product_name": "Personal Cloud Storage T2Pro",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.7.t2-pro"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting these issues."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://iknow.lenovo.com.cn/detail/dc_200017.html",
"refsource": "MISC",
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table in LEN-73439."
}
],
"source": {
"advisory": "LEN-73439",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2021-42848",
"datePublished": "2022-05-18T16:10:27.000Z",
"dateReserved": "2021-10-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:38:50.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42852 (GCVE-0-2021-42852)
Vulnerability from cvelistv5 – Published: 2022-05-18 16:10 – Updated: 2024-08-04 03:38
VLAI?
Summary
A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device.
Severity ?
CWE
- CWE-78 - OS Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Lenovo | Personal Cloud Storage A1 |
Affected:
unspecified , < 5.3.6.a1
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Personal Cloud Storage A1",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.6.a1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage T1",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.6.t1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage X1",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.8.x1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage T2",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.8.t2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage T2Pro",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.7.t2-pro",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-18T16:10:34.000Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table in LEN-73439."
}
],
"source": {
"advisory": "LEN-73439",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2021-42852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Personal Cloud Storage A1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.6.a1"
}
]
}
},
{
"product_name": "Personal Cloud Storage T1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.6.t1"
}
]
}
},
{
"product_name": "Personal Cloud Storage X1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.8.x1"
}
]
}
},
{
"product_name": "Personal Cloud Storage T2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.8.t2"
}
]
}
},
{
"product_name": "Personal Cloud Storage T2Pro",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.7.t2-pro"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://iknow.lenovo.com.cn/detail/dc_200017.html",
"refsource": "MISC",
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table in LEN-73439."
}
],
"source": {
"advisory": "LEN-73439",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2021-42852",
"datePublished": "2022-05-18T16:10:34.000Z",
"dateReserved": "2021-10-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:38:50.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42851 (GCVE-0-2021-42851)
Vulnerability from cvelistv5 – Published: 2022-05-18 16:10 – Updated: 2024-08-04 03:38
VLAI?
Summary
A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account.
Severity ?
6.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Lenovo | Personal Cloud Storage A1 |
Affected:
unspecified , < 5.3.6.a1
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Personal Cloud Storage A1",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.6.a1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage T1",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.6.t1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage X1",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.8.x1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage T2",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.8.t2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage T2Pro",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.7.t2-pro",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-18T16:10:32.000Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table in LEN-73439."
}
],
"source": {
"advisory": "LEN-73439",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2021-42851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Personal Cloud Storage A1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.6.a1"
}
]
}
},
{
"product_name": "Personal Cloud Storage T1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.6.t1"
}
]
}
},
{
"product_name": "Personal Cloud Storage X1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.8.x1"
}
]
}
},
{
"product_name": "Personal Cloud Storage T2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.8.t2"
}
]
}
},
{
"product_name": "Personal Cloud Storage T2Pro",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.7.t2-pro"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://iknow.lenovo.com.cn/detail/dc_200017.html",
"refsource": "MISC",
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table in LEN-73439."
}
],
"source": {
"advisory": "LEN-73439",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2021-42851",
"datePublished": "2022-05-18T16:10:32.000Z",
"dateReserved": "2021-10-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:38:50.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42850 (GCVE-0-2021-42850)
Vulnerability from cvelistv5 – Published: 2022-05-18 16:10 – Updated: 2024-08-04 03:38
VLAI?
Summary
A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access.
Severity ?
8.8 (High)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Lenovo | Personal Cloud Storage A1 |
Affected:
unspecified , < 5.3.6.a1
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Personal Cloud Storage A1",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.6.a1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage T1",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.6.t1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage X1",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.8.x1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage T2",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.8.t2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage T2Pro",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.7.t2-pro",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-18T16:10:30.000Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table in LEN-73439."
}
],
"source": {
"advisory": "LEN-73439",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2021-42850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Personal Cloud Storage A1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.6.a1"
}
]
}
},
{
"product_name": "Personal Cloud Storage T1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.6.t1"
}
]
}
},
{
"product_name": "Personal Cloud Storage X1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.8.x1"
}
]
}
},
{
"product_name": "Personal Cloud Storage T2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.8.t2"
}
]
}
},
{
"product_name": "Personal Cloud Storage T2Pro",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.7.t2-pro"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://iknow.lenovo.com.cn/detail/dc_200017.html",
"refsource": "MISC",
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table in LEN-73439."
}
],
"source": {
"advisory": "LEN-73439",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2021-42850",
"datePublished": "2022-05-18T16:10:30.000Z",
"dateReserved": "2021-10-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:38:50.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42849 (GCVE-0-2021-42849)
Vulnerability from cvelistv5 – Published: 2022-05-18 16:10 – Updated: 2024-08-04 03:38
VLAI?
Summary
A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access.
Severity ?
6.8 (Medium)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Lenovo | Personal Cloud Storage A1 |
Affected:
unspecified , < 5.3.6.a1
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Personal Cloud Storage A1",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.6.a1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage T1",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.6.t1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage X1",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.8.x1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage T2",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.8.t2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage T2Pro",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.7.t2-pro",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-18T16:10:28.000Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table in LEN-73439."
}
],
"source": {
"advisory": "LEN-73439",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2021-42849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Personal Cloud Storage A1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.6.a1"
}
]
}
},
{
"product_name": "Personal Cloud Storage T1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.6.t1"
}
]
}
},
{
"product_name": "Personal Cloud Storage X1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.8.x1"
}
]
}
},
{
"product_name": "Personal Cloud Storage T2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.8.t2"
}
]
}
},
{
"product_name": "Personal Cloud Storage T2Pro",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.7.t2-pro"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://iknow.lenovo.com.cn/detail/dc_200017.html",
"refsource": "MISC",
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table in LEN-73439."
}
],
"source": {
"advisory": "LEN-73439",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2021-42849",
"datePublished": "2022-05-18T16:10:28.000Z",
"dateReserved": "2021-10-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:38:50.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42848 (GCVE-0-2021-42848)
Vulnerability from cvelistv5 – Published: 2022-05-18 16:10 – Updated: 2024-08-04 03:38
VLAI?
Summary
An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Lenovo | Personal Cloud Storage A1 |
Affected:
unspecified , < 5.3.6.a1
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Personal Cloud Storage A1",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.6.a1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage T1",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.6.t1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage X1",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.8.x1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage T2",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.8.t2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Personal Cloud Storage T2Pro",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.3.7.t2-pro",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting these issues."
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-18T16:10:27.000Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table in LEN-73439."
}
],
"source": {
"advisory": "LEN-73439",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2021-42848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Personal Cloud Storage A1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.6.a1"
}
]
}
},
{
"product_name": "Personal Cloud Storage T1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.6.t1"
}
]
}
},
{
"product_name": "Personal Cloud Storage X1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.8.x1"
}
]
}
},
{
"product_name": "Personal Cloud Storage T2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.8.t2"
}
]
}
},
{
"product_name": "Personal Cloud Storage T2Pro",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.7.t2-pro"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting these issues."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://iknow.lenovo.com.cn/detail/dc_200017.html",
"refsource": "MISC",
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table in LEN-73439."
}
],
"source": {
"advisory": "LEN-73439",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2021-42848",
"datePublished": "2022-05-18T16:10:27.000Z",
"dateReserved": "2021-10-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:38:50.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}