CVE-2021-3615

Published: Aug 17, 2021Modified: Nov 21, 2024

6.8

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: NVD

Description

A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow code execution if a specific file exists on the attached SD card. This vulnerability is the same as CNVD-2021-45262.

Affected (3)

Products: Lenovo: Smart Camera C2e Firmware, Smart Camera X3 Firmware, Smart Camera X5 Firmware

Lenovo

3 products

Smart Camera C2e Firmware

Smart Camera X3 Firmware

Smart Camera X5 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Smart Camera C2e Firmware	Before 01.03.29.16

Running on/with	Platform Versions
Lenovo Smart Camera C2e	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Smart Camera X3 Firmware	Before 01.03.29.16

Running on/with	Platform Versions
Lenovo Smart Camera X3	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Smart Camera X5 Firmware	Before 01.03.29.16

Running on/with	Platform Versions
Lenovo Smart Camera X5	All versions

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (4)

https://iknow.lenovo.com.cn/detail/dc_198417.html

Source: psirt@lenovo.com

Vendor Advisory

https://www.cnvd.org.cn/flaw/show/CNVD-2021-45262

Source: psirt@lenovo.com

Not Applicable

https://iknow.lenovo.com.cn/detail/dc_198417.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.cnvd.org.cn/flaw/show/CNVD-2021-45262

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

Timeline

No history available yet.