CVE-2021-42852

Summary

A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device.

Affected Software

VendorProductVersion RangeStatus
LenovoPersonal Cloud Storage A1unspecified < 5.3.6.a1affected
LenovoPersonal Cloud Storage T1unspecified < 5.3.6.t1affected
LenovoPersonal Cloud Storage X1unspecified < 5.3.8.x1affected
LenovoPersonal Cloud Storage T2unspecified < 5.3.8.t2affected
LenovoPersonal Cloud Storage T2Prounspecified < 5.3.7.t2-proaffected

Weaknesses

  • CWE-78: CWE-78 OS Command Injection

ADP Enrichment

CVE Program Container

Additional References

References