Personal Cloud Storage
by Lenovo
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-6281 | Hig | 0.57 | 8.8 | 0.00 | May 13, 2026 | A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device. | ||
| CVE-2026-6282 | Hig | 0.53 | 8.1 | 0.00 | May 13, 2026 | A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device. | ||
| CVE-2024-33580 | Hig | 0.51 | 7.8 | 0.00 | Oct 11, 2024 | A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker to execute code with elevated privileges. | ||
| CVE-2021-42852 | 0.00 | — | 0.01 | May 18, 2022 | A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device. | |||
| CVE-2021-42851 | 0.00 | — | 0.01 | May 18, 2022 | A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account. | |||
| CVE-2021-42850 | 0.00 | — | 0.00 | May 18, 2022 | A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access. | |||
| CVE-2021-42849 | 0.00 | — | 0.00 | May 18, 2022 | A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access. | |||
| CVE-2021-42848 | 0.00 | — | 0.01 | May 18, 2022 | An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details. |
- risk 0.57cvss 8.8epss 0.00
A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device.
- risk 0.53cvss 8.1epss 0.00
A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device.
- risk 0.51cvss 7.8epss 0.00
A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker to execute code with elevated privileges.
- CVE-2021-42852May 18, 2022risk 0.00cvss —epss 0.01
A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device.
- CVE-2021-42851May 18, 2022risk 0.00cvss —epss 0.01
A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account.
- CVE-2021-42850May 18, 2022risk 0.00cvss —epss 0.00
A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access.
- CVE-2021-42849May 18, 2022risk 0.00cvss —epss 0.00
A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access.
- CVE-2021-42848May 18, 2022risk 0.00cvss —epss 0.01
An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details.