Skip to main content

Lenovoemc Firmware

4 CVEs product

Monthly

CVE-2018-9077 HIGH This Week

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo Command Injection Lenovoemc Firmware
NVD
CVSS 3.0
8.1
EPSS
1.6%
CVE-2018-9076 HIGH This Week

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo Command Injection Lenovoemc Firmware
NVD
CVSS 3.0
8.1
EPSS
1.6%
CVE-2018-9075 HIGH This Week

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo Command Injection Lenovoemc Firmware
NVD
CVSS 3.0
8.1
EPSS
4.1%
CVE-2018-9074 MEDIUM This Month

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo File Upload Path Traversal Lenovoemc Firmware
NVD
CVSS 3.0
6.5
EPSS
1.0%
EPSS 2% CVSS 8.1
HIGH This Week

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo Command Injection Lenovoemc Firmware
NVD
EPSS 2% CVSS 8.1
HIGH This Week

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo Command Injection Lenovoemc Firmware
NVD
EPSS 4% CVSS 8.1
HIGH This Week

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo Command Injection Lenovoemc Firmware
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo File Upload Path Traversal +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy