CVE-2018-9074
6.5
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD
Description
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device's operating system as the root user.
Affected (1)
Products: Lenovo: Lenovoemc Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.1.402.34662 |
| Running on/with | Platform Versions |
|---|---|
Lenovo Iomega Ez Media & Backup Center | All versions |
Lenovo Iomega Storcenter Ix2 | All versions |
Lenovo Iomega Storcenter Ix2 Dl | All versions |
Lenovo Iomega Storcenter Ix4 300d | All versions |
Lenovo Iomega Storcenter Px12 400r | All versions |
Lenovo Iomega Storcenter Px12 450r | All versions |
Lenovo Iomega Storcenter Px2 300d | All versions |
Lenovo Iomega Storcenter Px4 300d | All versions |
Lenovo Iomega Storcenter Px4 300r | All versions |
Lenovo Iomega Storcenter Px6 300d | All versions |
Lenovo Lenovo Ez Media & Backup Center | All versions |
Lenovo Lenovo Ix2 | All versions |
Lenovo Lenovo Ix4 300d | All versions |
Lenovo Lenovoemc Px12 400r | All versions |
Lenovo Lenovoemc Px12 450r | All versions |
Lenovo Lenovoemc Px2 300d | All versions |
Lenovo Lenovoemc Px4 300d | All versions |
Lenovo Lenovoemc Px4 300r | All versions |
Lenovo Lenovoemc Px4 400d | All versions |
Lenovo Lenovoemc Px4 400r | All versions |
Lenovo Lenovoemc Px6 300d | All versions |
References (2)
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.