Vulnerabilities > Lenovo > Lenovoemc Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2018-09-28 CVE-2018-9077 OS Command Injection vulnerability in Lenovo Lenovoemc Firmware 4.1.402.34662
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the share : name parameter.
network
high complexity
lenovo CWE-78
8.1
8.1
2018-09-28 CVE-2018-9076 OS Command Injection vulnerability in Lenovo Lenovoemc Firmware 4.1.402.34662
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the name parameter.
network
high complexity
lenovo CWE-78
8.1
8.1
2018-09-28 CVE-2018-9075 OS Command Injection vulnerability in Lenovo Lenovoemc Firmware 4.1.402.34662
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters in the client:password parameter.
network
high complexity
lenovo CWE-78
8.1
8.1