Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-42850

A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access.

Published

2022-05-18T16:15:08.303

Last Modified

2024-11-21T06:28:13.423

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-798
Type: Primary
CWE-798

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	lenovo	a1_firmware	< 5.3.6.a1	Yes
Hardware	lenovo	a1	-	No
Operating System	lenovo	t1_firmware	< 5.3.6.t1	Yes
Hardware	lenovo	t1	-	No
Operating System	lenovo	x1_firmware	< 5.3.8.x1	Yes
Hardware	lenovo	x1	-	No
Operating System	lenovo	t2_firmware	< 5.3.8.t2	Yes
Hardware	lenovo	t2	-	No
Operating System	lenovo	t2pro_firmware	< 5.3.7.t2-pro	Yes
Hardware	lenovo	t2pro	-	No

References

https://iknow.lenovo.com.cn/detail/dc_200017.html Vendor Advisory ([email protected])
https://iknow.lenovo.com.cn/detail/dc_200017.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)