CVE-2021-42850
8.8
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Lenovo | Personal Cloud Storage A1 | unspecified < 5.3.6.a1 | affected |
| Lenovo | Personal Cloud Storage T1 | unspecified < 5.3.6.t1 | affected |
| Lenovo | Personal Cloud Storage X1 | unspecified < 5.3.8.x1 | affected |
| Lenovo | Personal Cloud Storage T2 | unspecified < 5.3.8.t2 | affected |
| Lenovo | Personal Cloud Storage T2Pro | unspecified < 5.3.7.t2-pro | affected |
Weaknesses
- CWE-798: CWE-798 Use of Hard-coded Credentials
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.