VYPR

Iomega NAS

by Lenovo

CVEs (3)

  • CVE-2018-9075 | Hig | Sep 28, 2018
    risk 0.53 | cvss 8.1 | epss 0.04

    For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters in the client:password parameter. As a result, arbitrary commands may be…

  • CVE-2018-9080 | Med | Sep 28, 2018
    risk 0.38 | cvss 5.9 | epss 0.01

    For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's…

  • CVE-2019-6160 | Jul 16, 2019
    risk 0.00 | cvss | epss 0.01

    A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API.