LenovoEMC NAS
by Lenovo
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-9078 | Hig | 0.57 | 8.8 | 0.01 | Sep 28, 2018 | For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset.… | ||
| CVE-2018-9075 | Hig | 0.53 | 8.1 | 0.04 | Sep 28, 2018 | For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters in the client:password parameter. As a result, arbitrary commands may be… | ||
| CVE-2019-6178 | 0.00 | — | 0.01 | Aug 19, 2019 | An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file… | |||
| CVE-2019-6160 | 0.00 | — | 0.01 | Jul 16, 2019 | A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API. |
- risk 0.57cvss 8.8epss 0.01
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset.…
- risk 0.53cvss 8.1epss 0.04
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters in the client:password parameter. As a result, arbitrary commands may be…
- CVE-2019-6178Aug 19, 2019risk 0.00cvss —epss 0.01
An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file…
- CVE-2019-6160Jul 16, 2019risk 0.00cvss —epss 0.01
A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API.