Vulnerabilities > Lenovo > T2 Firmware

DATE CVE VULNERABILITY TITLE RISK
2022-05-18 CVE-2021-42848 Missing Authorization vulnerability in Lenovo products
An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details.
network
low complexity
lenovo CWE-862
5.3
2022-05-18 CVE-2021-42849 Improper Authentication vulnerability in Lenovo products
A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access.
low complexity
lenovo CWE-287
6.8
2022-05-18 CVE-2021-42850 Use of Hard-coded Credentials vulnerability in Lenovo products
A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access.
local
low complexity
lenovo CWE-798
7.8
2022-05-18 CVE-2021-42851 Unspecified vulnerability in Lenovo products
A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account.
network
low complexity
lenovo
5.3
2022-05-18 CVE-2021-42852 OS Command Injection vulnerability in Lenovo products
A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device.
low complexity
lenovo CWE-78
8.0