Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-9074

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device's operating system as the root user.

Published

2018-09-28T20:29:00.643

Last Modified

2024-11-21T04:14:55.240

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:C/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: NONE
  • Integrity Impact: COMPLETE
  • Availability Impact: NONE
Exploitability Score

8.0

Impact Score

6.9

Weaknesses
  • Type: Primary
    CWE-22
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System lenovo lenovoemc_firmware ≤ 4.1.402.34662 Yes
Hardware lenovo iomega_ez_media_\&_backup_center - No
Hardware lenovo iomega_storcenter_ix2 - No
Hardware lenovo iomega_storcenter_ix2-dl - No
Hardware lenovo iomega_storcenter_ix4-300d - No
Hardware lenovo iomega_storcenter_px12-400r - No
Hardware lenovo iomega_storcenter_px12-450r - No
Hardware lenovo iomega_storcenter_px2-300d - No
Hardware lenovo iomega_storcenter_px4-300d - No
Hardware lenovo iomega_storcenter_px4-300r - No
Hardware lenovo iomega_storcenter_px6-300d - No
Hardware lenovo lenovo_ez_media_\&_backup_center - No
Hardware lenovo lenovo_ix2 - No
Hardware lenovo lenovo_ix4-300d - No
Hardware lenovo lenovoemc_px12-400r - No
Hardware lenovo lenovoemc_px12-450r - No
Hardware lenovo lenovoemc_px2-300d - No
Hardware lenovo lenovoemc_px4-300d - No
Hardware lenovo lenovoemc_px4-300r - No
Hardware lenovo lenovoemc_px4-400d - No
Hardware lenovo lenovoemc_px4-400r - No
Hardware lenovo lenovoemc_px6-300d - No
References