Vulnerabilities > Lenovo > Iomega Storcenter IX2 DL

DATE CVE VULNERABILITY TITLE RISK
2018-09-28 CVE-2018-9077 OS Command Injection vulnerability in Lenovo Lenovoemc Firmware
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the share : name parameter.
network
lenovo CWE-78
critical
 9.3
9.3
2018-09-28 CVE-2018-9076 OS Command Injection vulnerability in Lenovo Lenovoemc Firmware
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the name parameter.
network
lenovo CWE-78
critical
 9.3
9.3
2018-09-28 CVE-2018-9075 OS Command Injection vulnerability in Lenovo Lenovoemc Firmware
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters in the client:password parameter.
network
lenovo CWE-78
critical
 9.3
9.3
2018-09-28 CVE-2018-9074 Path Traversal vulnerability in Lenovo Lenovoemc Firmware
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal.
network
low complexity
lenovo CWE-22
6.8
6.8