VYPR

LenovoEMC NAS

by Lenovo

CVEs (4)

  • CVE-2018-9078HigSep 28, 2018
    risk 0.57cvss 8.8epss 0.01

    For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset.…

  • CVE-2018-9075HigSep 28, 2018
    risk 0.53cvss 8.1epss 0.04

    For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters in the client:password parameter. As a result, arbitrary commands may be…

  • CVE-2019-6178Aug 19, 2019
    risk 0.00cvss epss 0.01

    An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file…

  • CVE-2019-6160Jul 16, 2019
    risk 0.00cvss epss 0.01

    A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API.