Search criteria
6 vulnerabilities found for Smart Camera X3, X5, and C2E firmware by Lenovo
CVE-2021-3617 (GCVE-0-2021-3617)
Vulnerability from cvelistv5 – Published: 2021-08-17 16:25 – Updated: 2024-08-03 17:01
VLAI?
Summary
A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow command injection by setting a specially crafted network configuration. This vulnerability is the same as CNVD-2020-68652.
Severity ?
7.2 (High)
CWE
- CWE-78 - OS Command Injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | Smart Camera X3, X5, and C2E firmware |
Affected:
unspecified , < 01.03.29.16
(custom)
|
Credits
Lenovo thanks Charles Jiang and Xingcan Chen from Lenovo Global Security Lab for reporting these issues.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_198417.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cnvd.org.cn/flaw/show/CNVD-2020-68652"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smart Camera X3, X5, and C2E firmware",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "01.03.29.16",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": " Lenovo thanks Charles Jiang and Xingcan Chen from Lenovo Global Security Lab for reporting these issues."
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow command injection by setting a specially crafted network configuration. This vulnerability is the same as CNVD-2020-68652."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-17T16:25:29",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_198417.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cnvd.org.cn/flaw/show/CNVD-2020-68652"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to Lenovo Smart Camera X3, X5, and C2E firmware version 01.03.29.16 or later."
}
],
"source": {
"advisory": "LEN-49262",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2021-3617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart Camera X3, X5, and C2E firmware",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "01.03.29.16"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": " Lenovo thanks Charles Jiang and Xingcan Chen from Lenovo Global Security Lab for reporting these issues."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow command injection by setting a specially crafted network configuration. This vulnerability is the same as CNVD-2020-68652."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://iknow.lenovo.com.cn/detail/dc_198417.html",
"refsource": "MISC",
"url": "https://iknow.lenovo.com.cn/detail/dc_198417.html"
},
{
"name": "https://www.cnvd.org.cn/flaw/show/CNVD-2020-68652",
"refsource": "MISC",
"url": "https://www.cnvd.org.cn/flaw/show/CNVD-2020-68652"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to Lenovo Smart Camera X3, X5, and C2E firmware version 01.03.29.16 or later."
}
],
"source": {
"advisory": "LEN-49262",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2021-3617",
"datePublished": "2021-08-17T16:25:29",
"dateReserved": "2021-06-23T00:00:00",
"dateUpdated": "2024-08-03T17:01:07.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3616 (GCVE-0-2021-3616)
Vulnerability from cvelistv5 – Published: 2021-08-17 16:25 – Updated: 2024-08-03 17:01
VLAI?
Summary
A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow an unauthorized user to view device information, alter firmware content and device configuration. This vulnerability is the same as CNVD-2020-68651.
Severity ?
9.4 (Critical)
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | Smart Camera X3, X5, and C2E firmware |
Affected:
unspecified , < 01.03.29.16
(custom)
|
Credits
Lenovo thanks Charles Jiang and Xingcan Chen from Lenovo Global Security Lab for reporting these issues.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_198417.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cnvd.org.cn/flaw/show/CNVD-2020-68651"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smart Camera X3, X5, and C2E firmware",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "01.03.29.16",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": " Lenovo thanks Charles Jiang and Xingcan Chen from Lenovo Global Security Lab for reporting these issues."
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow an unauthorized user to view device information, alter firmware content and device configuration. This vulnerability is the same as CNVD-2020-68651."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-17T16:25:27",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_198417.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cnvd.org.cn/flaw/show/CNVD-2020-68651"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to Lenovo Smart Camera X3, X5, and C2E firmware version 01.03.29.16 or later."
}
],
"source": {
"advisory": "LEN-49262",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2021-3616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart Camera X3, X5, and C2E firmware",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "01.03.29.16"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": " Lenovo thanks Charles Jiang and Xingcan Chen from Lenovo Global Security Lab for reporting these issues."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow an unauthorized user to view device information, alter firmware content and device configuration. This vulnerability is the same as CNVD-2020-68651."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://iknow.lenovo.com.cn/detail/dc_198417.html",
"refsource": "MISC",
"url": "https://iknow.lenovo.com.cn/detail/dc_198417.html"
},
{
"name": "https://www.cnvd.org.cn/flaw/show/CNVD-2020-68651",
"refsource": "MISC",
"url": "https://www.cnvd.org.cn/flaw/show/CNVD-2020-68651"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to Lenovo Smart Camera X3, X5, and C2E firmware version 01.03.29.16 or later."
}
],
"source": {
"advisory": "LEN-49262",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2021-3616",
"datePublished": "2021-08-17T16:25:27",
"dateReserved": "2021-06-23T00:00:00",
"dateUpdated": "2024-08-03T17:01:07.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3615 (GCVE-0-2021-3615)
Vulnerability from cvelistv5 – Published: 2021-08-17 16:25 – Updated: 2024-08-03 17:01
VLAI?
Summary
A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow code execution if a specific file exists on the attached SD card. This vulnerability is the same as CNVD-2021-45262.
Severity ?
6.6 (Medium)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | Smart Camera X3, X5, and C2E firmware |
Affected:
unspecified , < 01.03.29.16
(custom)
|
Credits
Lenovo thanks Charles Jiang and Xingcan Chen from Lenovo Global Security Lab for reporting these issues.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_198417.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-45262"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smart Camera X3, X5, and C2E firmware",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "01.03.29.16",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": " Lenovo thanks Charles Jiang and Xingcan Chen from Lenovo Global Security Lab for reporting these issues."
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow code execution if a specific file exists on the attached SD card. This vulnerability is the same as CNVD-2021-45262."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-17T16:25:25",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_198417.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-45262"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to Lenovo Smart Camera X3, X5, and C2E firmware version 01.03.29.16 or later."
}
],
"source": {
"advisory": "LEN-49262",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2021-3615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart Camera X3, X5, and C2E firmware",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "01.03.29.16"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": " Lenovo thanks Charles Jiang and Xingcan Chen from Lenovo Global Security Lab for reporting these issues."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow code execution if a specific file exists on the attached SD card. This vulnerability is the same as CNVD-2021-45262."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://iknow.lenovo.com.cn/detail/dc_198417.html",
"refsource": "MISC",
"url": "https://iknow.lenovo.com.cn/detail/dc_198417.html"
},
{
"name": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-45262",
"refsource": "MISC",
"url": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-45262"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to Lenovo Smart Camera X3, X5, and C2E firmware version 01.03.29.16 or later."
}
],
"source": {
"advisory": "LEN-49262",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2021-3615",
"datePublished": "2021-08-17T16:25:25",
"dateReserved": "2021-06-23T00:00:00",
"dateUpdated": "2024-08-03T17:01:07.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3617 (GCVE-0-2021-3617)
Vulnerability from nvd – Published: 2021-08-17 16:25 – Updated: 2024-08-03 17:01
VLAI?
Summary
A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow command injection by setting a specially crafted network configuration. This vulnerability is the same as CNVD-2020-68652.
Severity ?
7.2 (High)
CWE
- CWE-78 - OS Command Injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | Smart Camera X3, X5, and C2E firmware |
Affected:
unspecified , < 01.03.29.16
(custom)
|
Credits
Lenovo thanks Charles Jiang and Xingcan Chen from Lenovo Global Security Lab for reporting these issues.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_198417.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cnvd.org.cn/flaw/show/CNVD-2020-68652"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smart Camera X3, X5, and C2E firmware",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "01.03.29.16",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": " Lenovo thanks Charles Jiang and Xingcan Chen from Lenovo Global Security Lab for reporting these issues."
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow command injection by setting a specially crafted network configuration. This vulnerability is the same as CNVD-2020-68652."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-17T16:25:29",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_198417.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cnvd.org.cn/flaw/show/CNVD-2020-68652"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to Lenovo Smart Camera X3, X5, and C2E firmware version 01.03.29.16 or later."
}
],
"source": {
"advisory": "LEN-49262",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2021-3617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart Camera X3, X5, and C2E firmware",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "01.03.29.16"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": " Lenovo thanks Charles Jiang and Xingcan Chen from Lenovo Global Security Lab for reporting these issues."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow command injection by setting a specially crafted network configuration. This vulnerability is the same as CNVD-2020-68652."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://iknow.lenovo.com.cn/detail/dc_198417.html",
"refsource": "MISC",
"url": "https://iknow.lenovo.com.cn/detail/dc_198417.html"
},
{
"name": "https://www.cnvd.org.cn/flaw/show/CNVD-2020-68652",
"refsource": "MISC",
"url": "https://www.cnvd.org.cn/flaw/show/CNVD-2020-68652"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to Lenovo Smart Camera X3, X5, and C2E firmware version 01.03.29.16 or later."
}
],
"source": {
"advisory": "LEN-49262",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2021-3617",
"datePublished": "2021-08-17T16:25:29",
"dateReserved": "2021-06-23T00:00:00",
"dateUpdated": "2024-08-03T17:01:07.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3616 (GCVE-0-2021-3616)
Vulnerability from nvd – Published: 2021-08-17 16:25 – Updated: 2024-08-03 17:01
VLAI?
Summary
A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow an unauthorized user to view device information, alter firmware content and device configuration. This vulnerability is the same as CNVD-2020-68651.
Severity ?
9.4 (Critical)
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | Smart Camera X3, X5, and C2E firmware |
Affected:
unspecified , < 01.03.29.16
(custom)
|
Credits
Lenovo thanks Charles Jiang and Xingcan Chen from Lenovo Global Security Lab for reporting these issues.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_198417.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cnvd.org.cn/flaw/show/CNVD-2020-68651"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smart Camera X3, X5, and C2E firmware",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "01.03.29.16",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": " Lenovo thanks Charles Jiang and Xingcan Chen from Lenovo Global Security Lab for reporting these issues."
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow an unauthorized user to view device information, alter firmware content and device configuration. This vulnerability is the same as CNVD-2020-68651."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-17T16:25:27",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_198417.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cnvd.org.cn/flaw/show/CNVD-2020-68651"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to Lenovo Smart Camera X3, X5, and C2E firmware version 01.03.29.16 or later."
}
],
"source": {
"advisory": "LEN-49262",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2021-3616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart Camera X3, X5, and C2E firmware",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "01.03.29.16"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": " Lenovo thanks Charles Jiang and Xingcan Chen from Lenovo Global Security Lab for reporting these issues."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow an unauthorized user to view device information, alter firmware content and device configuration. This vulnerability is the same as CNVD-2020-68651."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://iknow.lenovo.com.cn/detail/dc_198417.html",
"refsource": "MISC",
"url": "https://iknow.lenovo.com.cn/detail/dc_198417.html"
},
{
"name": "https://www.cnvd.org.cn/flaw/show/CNVD-2020-68651",
"refsource": "MISC",
"url": "https://www.cnvd.org.cn/flaw/show/CNVD-2020-68651"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to Lenovo Smart Camera X3, X5, and C2E firmware version 01.03.29.16 or later."
}
],
"source": {
"advisory": "LEN-49262",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2021-3616",
"datePublished": "2021-08-17T16:25:27",
"dateReserved": "2021-06-23T00:00:00",
"dateUpdated": "2024-08-03T17:01:07.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3615 (GCVE-0-2021-3615)
Vulnerability from nvd – Published: 2021-08-17 16:25 – Updated: 2024-08-03 17:01
VLAI?
Summary
A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow code execution if a specific file exists on the attached SD card. This vulnerability is the same as CNVD-2021-45262.
Severity ?
6.6 (Medium)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | Smart Camera X3, X5, and C2E firmware |
Affected:
unspecified , < 01.03.29.16
(custom)
|
Credits
Lenovo thanks Charles Jiang and Xingcan Chen from Lenovo Global Security Lab for reporting these issues.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_198417.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-45262"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smart Camera X3, X5, and C2E firmware",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "01.03.29.16",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": " Lenovo thanks Charles Jiang and Xingcan Chen from Lenovo Global Security Lab for reporting these issues."
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow code execution if a specific file exists on the attached SD card. This vulnerability is the same as CNVD-2021-45262."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-17T16:25:25",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://iknow.lenovo.com.cn/detail/dc_198417.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-45262"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to Lenovo Smart Camera X3, X5, and C2E firmware version 01.03.29.16 or later."
}
],
"source": {
"advisory": "LEN-49262",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2021-3615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart Camera X3, X5, and C2E firmware",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "01.03.29.16"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": " Lenovo thanks Charles Jiang and Xingcan Chen from Lenovo Global Security Lab for reporting these issues."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow code execution if a specific file exists on the attached SD card. This vulnerability is the same as CNVD-2021-45262."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://iknow.lenovo.com.cn/detail/dc_198417.html",
"refsource": "MISC",
"url": "https://iknow.lenovo.com.cn/detail/dc_198417.html"
},
{
"name": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-45262",
"refsource": "MISC",
"url": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-45262"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to Lenovo Smart Camera X3, X5, and C2E firmware version 01.03.29.16 or later."
}
],
"source": {
"advisory": "LEN-49262",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2021-3615",
"datePublished": "2021-08-17T16:25:25",
"dateReserved": "2021-06-23T00:00:00",
"dateUpdated": "2024-08-03T17:01:07.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}