Search criteria
12 vulnerabilities found for lenovoemc_firmware by lenovo
FKIE_CVE-2018-9074
Vulnerability from fkie_nvd - Published: 2018-09-28 20:29 - Updated: 2024-11-21 04:14
Severity ?
Summary
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device's operating system as the root user.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/us/en/solutions/LEN-24224 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/us/en/solutions/LEN-24224 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:lenovoemc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "807B7582-8A34-4497-A2D7-BEF260790FD1",
"versionEndIncluding": "4.1.402.34662",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:iomega_ez_media_\\\u0026_backup_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76CDC771-1E75-4FA2-ACAD-6B76A3B41E87",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_ix2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C6174F7-8D2C-4EA2-84B5-2F336C4921D3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_ix2-dl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E19F81E4-64E2-42F3-8BF9-0E0B2C4B901B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_ix4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDCCCF7E-0A84-44DC-A48B-577183A4BA7C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_px12-400r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D840F199-8607-470E-9AE9-97459C041C11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_px12-450r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0ED64A7B-B398-4A21-A93A-17C9CF9D6AC8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_px2-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B10F7589-A7F5-4CA3-A959-0FC457EC605D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_px4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "179EC0F5-606D-4DC2-898A-D243AB12680F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_px4-300r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74B9A44-814D-4415-BC82-0C3BE0E6FCF1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_px6-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF84CD08-A8D6-4C6E-9A4C-BC32981EF8C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovo_ez_media_\\\u0026_backup_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C52F618-C9B0-470B-96BB-3BFB01797D47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovo_ix2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED38E2D0-50BE-4D0F-AD79-BCC14FBF17E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovo_ix4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39F19015-369E-41F4-A543-7B56C08194B3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovoemc_px12-400r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A437398-827A-4A22-AC7B-984BABEE328A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovoemc_px12-450r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24C29B73-FC3B-4440-B75B-7454E8AE5403",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovoemc_px2-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE20E31A-28B9-4186-B3D0-60619799E8B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovoemc_px4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA4AD8BC-4BCA-4850-8058-AE4B669A4C89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovoemc_px4-300r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "014B2DE3-3012-4821-8CC8-A90474C95DA7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovoemc_px4-400d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2EB779-CFAA-45BB-8D4B-DD6CFB31A34A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovoemc_px4-400r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C208CA2-2928-43FC-8477-895738579855",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovoemc_px6-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AD5BFDB-E0A0-4C36-8102-05D5F0DAA87D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device\u0027s operating system as the root user."
},
{
"lang": "es",
"value": "Para algunos dispositivos NAS Iomega, Lenovo y LenovoEMC en versiones 4.1.402.34662 y anteriores, la funcionalidad de subida de archivos de la aplicaci\u00f3n Content Explorer es vulnerable a salto de directorio. Como resultado, los usuarios pueden subir archivos en cualquier parte del sistema operativo del dispositivo como usuario root."
}
],
"id": "CVE-2018-9074",
"lastModified": "2024-11-21T04:14:55.240",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-28T20:29:00.643",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-9076
Vulnerability from fkie_nvd - Published: 2018-09-28 20:29 - Updated: 2024-11-21 04:14
Severity ?
Summary
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/us/en/solutions/LEN-24224 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/us/en/solutions/LEN-24224 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:lenovoemc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "807B7582-8A34-4497-A2D7-BEF260790FD1",
"versionEndIncluding": "4.1.402.34662",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:iomega_ez_media_\\\u0026_backup_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76CDC771-1E75-4FA2-ACAD-6B76A3B41E87",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_ix2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C6174F7-8D2C-4EA2-84B5-2F336C4921D3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_ix2-dl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E19F81E4-64E2-42F3-8BF9-0E0B2C4B901B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_ix4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDCCCF7E-0A84-44DC-A48B-577183A4BA7C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_px12-400r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D840F199-8607-470E-9AE9-97459C041C11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_px12-450r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0ED64A7B-B398-4A21-A93A-17C9CF9D6AC8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_px2-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B10F7589-A7F5-4CA3-A959-0FC457EC605D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_px4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "179EC0F5-606D-4DC2-898A-D243AB12680F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_px4-300r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74B9A44-814D-4415-BC82-0C3BE0E6FCF1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_px6-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF84CD08-A8D6-4C6E-9A4C-BC32981EF8C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovo_ez_media_\\\u0026_backup_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C52F618-C9B0-470B-96BB-3BFB01797D47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovo_ix2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED38E2D0-50BE-4D0F-AD79-BCC14FBF17E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovo_ix4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39F19015-369E-41F4-A543-7B56C08194B3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovoemc_px12-400r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A437398-827A-4A22-AC7B-984BABEE328A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovoemc_px12-450r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24C29B73-FC3B-4440-B75B-7454E8AE5403",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovoemc_px2-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE20E31A-28B9-4186-B3D0-60619799E8B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovoemc_px4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA4AD8BC-4BCA-4850-8058-AE4B669A4C89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovoemc_px4-300r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "014B2DE3-3012-4821-8CC8-A90474C95DA7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovoemc_px4-400d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2EB779-CFAA-45BB-8D4B-DD6CFB31A34A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovoemc_px4-400r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C208CA2-2928-43FC-8477-895738579855",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovoemc_px6-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AD5BFDB-E0A0-4C36-8102-05D5F0DAA87D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick \"``\" characters in the name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
},
{
"lang": "es",
"value": "Para algunos dispositivos NAS Iomega, Lenovo y LenovoEMC en versiones 4.1.402.34662 y anteriores, al cambiar el nombre de una compartici\u00f3n, un atacante puede manipular una carga \u00fatil de inyecci\u00f3n de comandos unirse a una instalaci\u00f3n PersonalCloud, un atacante puede manipular una carga \u00fatil de inyecci\u00f3n de comandos utilizando caracteres de comilla hacia atr\u00e1s \"``\" en el par\u00e1metro name. Como resultado, podr\u00edan ejecutarse comandos arbitrarios como el usuario root. El ataque requiere un valor __c y un par\u00e1metro iomega."
}
],
"id": "CVE-2018-9076",
"lastModified": "2024-11-21T04:14:55.497",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-28T20:29:00.860",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-9075
Vulnerability from fkie_nvd - Published: 2018-09-28 20:29 - Updated: 2024-11-21 04:14
Severity ?
Summary
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/us/en/solutions/LEN-24224 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/us/en/solutions/LEN-24224 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:lenovoemc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "807B7582-8A34-4497-A2D7-BEF260790FD1",
"versionEndIncluding": "4.1.402.34662",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:iomega_ez_media_\\\u0026_backup_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76CDC771-1E75-4FA2-ACAD-6B76A3B41E87",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_ix2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C6174F7-8D2C-4EA2-84B5-2F336C4921D3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_ix2-dl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E19F81E4-64E2-42F3-8BF9-0E0B2C4B901B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_ix4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDCCCF7E-0A84-44DC-A48B-577183A4BA7C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_px12-400r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D840F199-8607-470E-9AE9-97459C041C11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_px12-450r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0ED64A7B-B398-4A21-A93A-17C9CF9D6AC8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_px2-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B10F7589-A7F5-4CA3-A959-0FC457EC605D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_px4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "179EC0F5-606D-4DC2-898A-D243AB12680F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_px4-300r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74B9A44-814D-4415-BC82-0C3BE0E6FCF1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_px6-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF84CD08-A8D6-4C6E-9A4C-BC32981EF8C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovo_ez_media_\\\u0026_backup_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C52F618-C9B0-470B-96BB-3BFB01797D47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovo_ix2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED38E2D0-50BE-4D0F-AD79-BCC14FBF17E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovo_ix4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39F19015-369E-41F4-A543-7B56C08194B3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovoemc_px12-400r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A437398-827A-4A22-AC7B-984BABEE328A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovoemc_px12-450r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24C29B73-FC3B-4440-B75B-7454E8AE5403",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovoemc_px2-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE20E31A-28B9-4186-B3D0-60619799E8B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovoemc_px4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA4AD8BC-4BCA-4850-8058-AE4B669A4C89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovoemc_px4-300r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "014B2DE3-3012-4821-8CC8-A90474C95DA7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovoemc_px4-400d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2EB779-CFAA-45BB-8D4B-DD6CFB31A34A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovoemc_px4-400r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C208CA2-2928-43FC-8477-895738579855",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovoemc_px6-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AD5BFDB-E0A0-4C36-8102-05D5F0DAA87D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick \"``\" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
},
{
"lang": "es",
"value": "Para algunos dispositivos NAS Iomega, Lenovo y LenovoEMC en versiones 4.1.402.34662 y anteriores, al unirse a una instalaci\u00f3n PersonalCloud, un atacante puede manipular una carga \u00fatil de inyecci\u00f3n de comandos utilizando caracteres de comilla hacia atr\u00e1s \"``\" en el par\u00e1metro client:password. Como resultado, podr\u00edan ejecutarse comandos arbitrarios como el usuario root. El ataque requiere un valor __c y un par\u00e1metro iomega."
}
],
"id": "CVE-2018-9075",
"lastModified": "2024-11-21T04:14:55.367",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-28T20:29:00.753",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-9077
Vulnerability from fkie_nvd - Published: 2018-09-28 20:29 - Updated: 2024-11-21 04:14
Severity ?
Summary
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/us/en/solutions/LEN-24224 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/us/en/solutions/LEN-24224 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:lenovoemc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "807B7582-8A34-4497-A2D7-BEF260790FD1",
"versionEndIncluding": "4.1.402.34662",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:iomega_ez_media_\\\u0026_backup_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76CDC771-1E75-4FA2-ACAD-6B76A3B41E87",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_ix2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C6174F7-8D2C-4EA2-84B5-2F336C4921D3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_ix2-dl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E19F81E4-64E2-42F3-8BF9-0E0B2C4B901B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_ix4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDCCCF7E-0A84-44DC-A48B-577183A4BA7C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_px12-400r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D840F199-8607-470E-9AE9-97459C041C11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_px12-450r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0ED64A7B-B398-4A21-A93A-17C9CF9D6AC8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_px2-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B10F7589-A7F5-4CA3-A959-0FC457EC605D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_px4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "179EC0F5-606D-4DC2-898A-D243AB12680F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_px4-300r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74B9A44-814D-4415-BC82-0C3BE0E6FCF1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:iomega_storcenter_px6-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF84CD08-A8D6-4C6E-9A4C-BC32981EF8C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovo_ez_media_\\\u0026_backup_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C52F618-C9B0-470B-96BB-3BFB01797D47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovo_ix2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED38E2D0-50BE-4D0F-AD79-BCC14FBF17E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovo_ix4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39F19015-369E-41F4-A543-7B56C08194B3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovoemc_px12-400r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A437398-827A-4A22-AC7B-984BABEE328A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovoemc_px12-450r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24C29B73-FC3B-4440-B75B-7454E8AE5403",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovoemc_px2-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE20E31A-28B9-4186-B3D0-60619799E8B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovoemc_px4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA4AD8BC-4BCA-4850-8058-AE4B669A4C89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovoemc_px4-300r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "014B2DE3-3012-4821-8CC8-A90474C95DA7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovoemc_px4-400d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2EB779-CFAA-45BB-8D4B-DD6CFB31A34A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovoemc_px4-400r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C208CA2-2928-43FC-8477-895738579855",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovoemc_px6-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AD5BFDB-E0A0-4C36-8102-05D5F0DAA87D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick \"``\" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
},
{
"lang": "es",
"value": "Para algunos dispositivos NAS Iomega, Lenovo y LenovoEMC en versiones 4.1.402.34662 y anteriores, al cambiar el nombre de una compartici\u00f3n, un atacante puede manipular una carga \u00fatil de inyecci\u00f3n de comandos unirse a una instalaci\u00f3n PersonalCloud, un atacante puede manipular una carga \u00fatil de inyecci\u00f3n de comandos utilizando caracteres de comilla hacia atr\u00e1s \"``\" en el par\u00e1metro share : name. Como resultado, podr\u00edan ejecutarse comandos arbitrarios como el usuario root. El ataque requiere un valor __c y un par\u00e1metro iomega."
}
],
"id": "CVE-2018-9077",
"lastModified": "2024-11-21T04:14:55.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-28T20:29:00.970",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-9075 (GCVE-0-2018-9075)
Vulnerability from cvelistv5 – Published: 2018-09-28 20:00 – Updated: 2024-08-05 07:17
VLAI?
Title
Iomega and LenovoEMC NAS Web UI Vulnerabilities
Summary
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.
Severity ?
No CVSS data available.
CWE
- Arbitrary Command Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Lenovo Group LTD | Iomega StorCenter |
Affected:
4.1.402.34662 , ≤ 4.1.402.34662
(custom)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:50.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Iomega StorCenter",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
},
{
"product": "LenovoEMC",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
},
{
"product": "EZ Media and Backup Center",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick \"``\" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary Command Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-28T19:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
},
"title": "Iomega and LenovoEMC NAS Web UI Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9075",
"STATE": "PUBLIC",
"TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Iomega StorCenter",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
},
{
"product_name": "LenovoEMC",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
},
{
"product_name": "EZ Media and Backup Center",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
}
]
},
"vendor_name": "Lenovo Group LTD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick \"``\" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Command Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
]
},
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2018-9075",
"datePublished": "2018-09-28T20:00:00",
"dateReserved": "2018-03-27T00:00:00",
"dateUpdated": "2024-08-05T07:17:50.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9077 (GCVE-0-2018-9077)
Vulnerability from cvelistv5 – Published: 2018-09-28 20:00 – Updated: 2024-08-05 07:17
VLAI?
Title
Iomega and LenovoEMC NAS Web UI Vulnerabilities
Summary
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.
Severity ?
No CVSS data available.
CWE
- Arbitrary Command Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Lenovo Group LTD | Iomega StorCenter |
Affected:
4.1.402.34662 , ≤ 4.1.402.34662
(custom)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:50.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Iomega StorCenter",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
},
{
"product": "LenovoEMC",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
},
{
"product": "EZ Media and Backup Center",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick \"``\" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary Command Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-28T19:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
},
"title": "Iomega and LenovoEMC NAS Web UI Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9077",
"STATE": "PUBLIC",
"TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Iomega StorCenter",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
},
{
"product_name": "LenovoEMC",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
},
{
"product_name": "EZ Media and Backup Center",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
}
]
},
"vendor_name": "Lenovo Group LTD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick \"``\" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Command Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
]
},
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2018-9077",
"datePublished": "2018-09-28T20:00:00",
"dateReserved": "2018-03-27T00:00:00",
"dateUpdated": "2024-08-05T07:17:50.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9074 (GCVE-0-2018-9074)
Vulnerability from cvelistv5 – Published: 2018-09-28 20:00 – Updated: 2024-08-05 07:17
VLAI?
Title
Iomega and LenovoEMC NAS Web UI Vulnerabilities
Summary
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device's operating system as the root user.
Severity ?
No CVSS data available.
CWE
- Path traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Lenovo Group LTD | Iomega StorCenter |
Affected:
4.1.402.34662 , ≤ 4.1.402.34662
(custom)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:50.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Iomega StorCenter",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
},
{
"product": "LenovoEMC",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
},
{
"product": "EZ Media and Backup Center",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device\u0027s operating system as the root user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-28T19:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
},
"title": "Iomega and LenovoEMC NAS Web UI Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9074",
"STATE": "PUBLIC",
"TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Iomega StorCenter",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
},
{
"product_name": "LenovoEMC",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
},
{
"product_name": "EZ Media and Backup Center",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
}
]
},
"vendor_name": "Lenovo Group LTD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device\u0027s operating system as the root user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
]
},
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2018-9074",
"datePublished": "2018-09-28T20:00:00",
"dateReserved": "2018-03-27T00:00:00",
"dateUpdated": "2024-08-05T07:17:50.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9076 (GCVE-0-2018-9076)
Vulnerability from cvelistv5 – Published: 2018-09-28 20:00 – Updated: 2024-08-05 07:17
VLAI?
Title
Iomega and LenovoEMC NAS Web UI Vulnerabilities
Summary
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.
Severity ?
No CVSS data available.
CWE
- Arbitrary Command Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Lenovo Group LTD | Iomega StorCenter |
Affected:
4.1.402.34662 , ≤ 4.1.402.34662
(custom)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:50.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Iomega StorCenter",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
},
{
"product": "LenovoEMC",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
},
{
"product": "EZ Media and Backup Center",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick \"``\" characters in the name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary Command Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-28T19:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
},
"title": "Iomega and LenovoEMC NAS Web UI Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9076",
"STATE": "PUBLIC",
"TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Iomega StorCenter",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
},
{
"product_name": "LenovoEMC",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
},
{
"product_name": "EZ Media and Backup Center",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
}
]
},
"vendor_name": "Lenovo Group LTD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick \"``\" characters in the name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Command Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
]
},
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2018-9076",
"datePublished": "2018-09-28T20:00:00",
"dateReserved": "2018-03-27T00:00:00",
"dateUpdated": "2024-08-05T07:17:50.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9075 (GCVE-0-2018-9075)
Vulnerability from nvd – Published: 2018-09-28 20:00 – Updated: 2024-08-05 07:17
VLAI?
Title
Iomega and LenovoEMC NAS Web UI Vulnerabilities
Summary
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.
Severity ?
No CVSS data available.
CWE
- Arbitrary Command Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Lenovo Group LTD | Iomega StorCenter |
Affected:
4.1.402.34662 , ≤ 4.1.402.34662
(custom)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:50.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Iomega StorCenter",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
},
{
"product": "LenovoEMC",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
},
{
"product": "EZ Media and Backup Center",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick \"``\" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary Command Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-28T19:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
},
"title": "Iomega and LenovoEMC NAS Web UI Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9075",
"STATE": "PUBLIC",
"TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Iomega StorCenter",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
},
{
"product_name": "LenovoEMC",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
},
{
"product_name": "EZ Media and Backup Center",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
}
]
},
"vendor_name": "Lenovo Group LTD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick \"``\" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Command Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
]
},
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2018-9075",
"datePublished": "2018-09-28T20:00:00",
"dateReserved": "2018-03-27T00:00:00",
"dateUpdated": "2024-08-05T07:17:50.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9077 (GCVE-0-2018-9077)
Vulnerability from nvd – Published: 2018-09-28 20:00 – Updated: 2024-08-05 07:17
VLAI?
Title
Iomega and LenovoEMC NAS Web UI Vulnerabilities
Summary
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.
Severity ?
No CVSS data available.
CWE
- Arbitrary Command Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Lenovo Group LTD | Iomega StorCenter |
Affected:
4.1.402.34662 , ≤ 4.1.402.34662
(custom)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:50.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Iomega StorCenter",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
},
{
"product": "LenovoEMC",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
},
{
"product": "EZ Media and Backup Center",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick \"``\" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary Command Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-28T19:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
},
"title": "Iomega and LenovoEMC NAS Web UI Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9077",
"STATE": "PUBLIC",
"TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Iomega StorCenter",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
},
{
"product_name": "LenovoEMC",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
},
{
"product_name": "EZ Media and Backup Center",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
}
]
},
"vendor_name": "Lenovo Group LTD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick \"``\" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Command Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
]
},
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2018-9077",
"datePublished": "2018-09-28T20:00:00",
"dateReserved": "2018-03-27T00:00:00",
"dateUpdated": "2024-08-05T07:17:50.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9074 (GCVE-0-2018-9074)
Vulnerability from nvd – Published: 2018-09-28 20:00 – Updated: 2024-08-05 07:17
VLAI?
Title
Iomega and LenovoEMC NAS Web UI Vulnerabilities
Summary
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device's operating system as the root user.
Severity ?
No CVSS data available.
CWE
- Path traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Lenovo Group LTD | Iomega StorCenter |
Affected:
4.1.402.34662 , ≤ 4.1.402.34662
(custom)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:50.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Iomega StorCenter",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
},
{
"product": "LenovoEMC",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
},
{
"product": "EZ Media and Backup Center",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device\u0027s operating system as the root user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-28T19:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
},
"title": "Iomega and LenovoEMC NAS Web UI Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9074",
"STATE": "PUBLIC",
"TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Iomega StorCenter",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
},
{
"product_name": "LenovoEMC",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
},
{
"product_name": "EZ Media and Backup Center",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
}
]
},
"vendor_name": "Lenovo Group LTD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device\u0027s operating system as the root user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
]
},
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2018-9074",
"datePublished": "2018-09-28T20:00:00",
"dateReserved": "2018-03-27T00:00:00",
"dateUpdated": "2024-08-05T07:17:50.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9076 (GCVE-0-2018-9076)
Vulnerability from nvd – Published: 2018-09-28 20:00 – Updated: 2024-08-05 07:17
VLAI?
Title
Iomega and LenovoEMC NAS Web UI Vulnerabilities
Summary
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.
Severity ?
No CVSS data available.
CWE
- Arbitrary Command Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Lenovo Group LTD | Iomega StorCenter |
Affected:
4.1.402.34662 , ≤ 4.1.402.34662
(custom)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:50.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Iomega StorCenter",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
},
{
"product": "LenovoEMC",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
},
{
"product": "EZ Media and Backup Center",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick \"``\" characters in the name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary Command Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-28T19:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
},
"title": "Iomega and LenovoEMC NAS Web UI Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9076",
"STATE": "PUBLIC",
"TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Iomega StorCenter",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
},
{
"product_name": "LenovoEMC",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
},
{
"product_name": "EZ Media and Backup Center",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
}
]
},
"vendor_name": "Lenovo Group LTD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick \"``\" characters in the name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Command Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
]
},
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2018-9076",
"datePublished": "2018-09-28T20:00:00",
"dateReserved": "2018-03-27T00:00:00",
"dateUpdated": "2024-08-05T07:17:50.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}