Home
HIGH: 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NHIGH: 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HDefault status
unaffected
Any version before 5.5.6.t2s.3
affected
Default status
unaffected
Any version before 5.4.8.t2pro.2
affected
Default status
unaffected
Any version before 5.4.8.x1s.2
affected
Default status
unaffected
Any version before 5.5.8.t20.1
affected
Default status
unaffected
Any version before 5.4.4.x20.1
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Description
A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device.
Problem types
CWE-78: Improper Neutralization of Special Elements used in an OS Command
Product status
Any version before 5.5.6.t2s.3
Any version before 5.4.8.t2pro.2
Any version before 5.4.8.x1s.2
Any version before 5.5.8.t20.1
Any version before 5.4.4.x20.1
Any version
Any version
Any version
Any version
Any version
Credits
Lenovo thanks Wang Jincheng, Professor Yu Le from Nanjing University of Posts and Telecommunications and Professor Luo Xiapu from The Hong Kong Polytechnic University
References
iknow.lenovo.com.cn/detail/440274
pc.lenovo.com.cn/tips/Ann/t1_eol.html