VYPR

NAS devices

by Lenovo

CVEs (2)

  • CVE-2018-9077HigSep 28, 2018
    risk 0.53cvss 8.1epss 0.02

    For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the share : name parameter. As a result, arbitrary commands may be executed…

  • CVE-2018-9074MedSep 28, 2018
    risk 0.42cvss 6.5epss 0.01

    For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device's operating system as the root user.