VYPR
Vendor

Iomega

Products
11
CVEs
13
Across products
20
Status
Private

Products

11

Recent CVEs

13
  • CVE-2009-2367CriJul 8, 2009
    risk 0.69cvss 9.8epss 0.23

    cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the session_id parameter.

  • CVE-2002-1949HigDec 31, 2002
    risk 0.49cvss 7.5epss 0.01

    The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password.

  • CVE-2026-22626MedJan 30, 2026
    risk 0.32cvss 4.9epss 0.00

    Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can cause abnormal device behavior by crafting specific messages.

  • CVE-2026-22625MedJan 30, 2026
    risk 0.30cvss 4.6epss 0.00

    Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files.

  • CVE-2026-22624MedJan 30, 2026
    risk 0.28cvss 4.3epss 0.00

    Due to inadequate access control, authenticated users of certain HIKSEMI NAS products can manipulate other users' file resources without proper authorization.

  • CVE-2001-0110Mar 12, 2001
    risk 0.03cvss epss 0.01

    Buffer overflow in jaZip Zip/Jaz drive manager allows local users to gain root privileges via a long DISPLAY environmental variable.

  • CVE-2025-50464Jul 30, 2025
    risk 0.00cvss epss 0.00

    A buffer overflow vulnerability exists in the upload.cgi module of the iptime NAS firmware v1.5.04. The vulnerability arises due to the unsafe use of the strcpy function to copy attacker-controlled data from the CONTENT_TYPE HTTP header into a fixed-size stack buffer (v8,…

  • CVE-2021-46788May 13, 2022
    risk 0.00cvss epss 0.01

    Third-party pop-up window coverage vulnerability in the iConnect module.Successful exploitation of this vulnerability may cause system pop-up window may be covered to mislead users to perform incorrect operations.

  • CVE-2019-6178Aug 19, 2019
    risk 0.00cvss epss 0.01

    An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file…

  • CVE-2012-2283Aug 16, 2012
    risk 0.00cvss epss 0.01

    The Iomega Home Media Network Hard Drive with EMC Lifeline firmware before 2.104, Home Media Network Hard Drive Cloud Edition with EMC Lifeline firmware before 3.2.3.15290, iConnect with EMC Lifeline firmware before 2.5.26.18966, and StorCenter with EMC Lifeline firmware before…

  • CVE-2002-1863Dec 31, 2002
    risk 0.00cvss epss 0.00

    Iomega Network Attached Storage (NAS) A300U, and possibly other models, does not allow the FTP service to be disabled, which allows local users to access home directories via FTP even when access to all shared directories have been disabled.

  • CVE-2002-1955Dec 31, 2002
    risk 0.00cvss epss 0.01

    Iomega NAS A300U uses cleartext LANMAN authentication when mounting CIFS/SMB drives, which allows remote attackers to perform a man-in-the-middle attack.

  • CVE-1999-1174Dec 21, 2001
    risk 0.00cvss epss 0.00

    ZIP drive for Iomega ZIP-100 disks allows attackers with physical access to the drive to bypass password protection by inserting a known disk with a known password, waiting for the ZIP drive to power down, manually replacing the known disk with the target disk, and using the…