Vulnerability Details : CVE-2021-42850
A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access.
Products affected by CVE-2021-42850
- cpe:2.3:o:lenovo:a1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:t1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:x1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:t2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:t2pro_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-42850
- 0.07%: probability of exploitation activity in the next 30 days
- ~18%: percentile, the proportion of vulnerabilities scored at or below this score
CVSS scores for CVE-2021-42850
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | Lenovo Group Ltd. | |
CWE ids for CVE-2021-42850
- The product contains hard-coded credentials, such as a password or cryptographic key. Assigned by:
  - nvd@nist.gov (Primary)
  - psirt@lenovo.com (Secondary)
References for CVE-2021-42850
- https://iknow.lenovo.com.cn/detail/dc_200017.html
  [Security Advisory] LEN-73439 Lenovo Personal Cloud Storage Vulnerability - Lenovo Knowledge Base (Vendor Advisory)