Vulnerabilities > Lenovo > Lenovoemc Firmware

DATE CVE VULNERABILITY TITLE RISK
2018-09-28 CVE-2018-9077 OS Command Injection vulnerability in Lenovo Lenovoemc Firmware 4.1.402.34662
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the share : name parameter.
network
high complexity
lenovo CWE-78
8.1
8.1
2018-09-28 CVE-2018-9076 OS Command Injection vulnerability in Lenovo Lenovoemc Firmware 4.1.402.34662
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the name parameter.
network
high complexity
lenovo CWE-78
8.1
8.1
2018-09-28 CVE-2018-9075 OS Command Injection vulnerability in Lenovo Lenovoemc Firmware 4.1.402.34662
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters in the client:password parameter.
network
high complexity
lenovo CWE-78
8.1
8.1
2018-09-28 CVE-2018-9074 Path Traversal vulnerability in Lenovo Lenovoemc Firmware 4.1.402.34662
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal.
network
low complexity
lenovo CWE-22
6.5
6.5