VYPR

Personal Cloud Storage

by Lenovo

CVEs (8)

  • CVE-2026-6281HigMay 13, 2026
    risk 0.57cvss 8.8epss 0.00

    A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device.

  • CVE-2026-6282HigMay 13, 2026
    risk 0.53cvss 8.1epss 0.00

    A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device.

  • CVE-2024-33580HigOct 11, 2024
    risk 0.51cvss 7.8epss 0.00

    A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker to execute code with elevated privileges.

  • CVE-2021-42852May 18, 2022
    risk 0.00cvss epss 0.01

    A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device.

  • CVE-2021-42851May 18, 2022
    risk 0.00cvss epss 0.01

    A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account.

  • CVE-2021-42850May 18, 2022
    risk 0.00cvss epss 0.00

    A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access.

  • CVE-2021-42849May 18, 2022
    risk 0.00cvss epss 0.00

    A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access.

  • CVE-2021-42848May 18, 2022
    risk 0.00cvss epss 0.01

    An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details.