{"containers": {"cna": {"affected": [{"product": "Personal Cloud Storage A1", "vendor": "Lenovo", "versions": [{"lessThan": "5.3.6.a1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Personal Cloud Storage T1", "vendor": "Lenovo", "versions": [{"lessThan": "5.3.6.t1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Personal Cloud Storage X1", "vendor": "Lenovo", "versions": [{"lessThan": "5.3.8.x1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Personal Cloud Storage T2", "vendor": "Lenovo", "versions": [{"lessThan": "5.3.8.t2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Personal Cloud Storage T2Pro", "vendor": "Lenovo", "versions": [{"lessThan": "5.3.7.t2-pro", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."}], "descriptions": [{"lang": "en", "value": "A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-18T16:10:30", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"}], "solutions": [{"lang": "en", "value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table  in LEN-73439."}], "source": {"advisory": "LEN-73439", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@lenovo.com", "ID": "CVE-2021-42850", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Personal Cloud Storage A1", "version": {"version_data": [{"version_affected": "<", "version_value": "5.3.6.a1"}]}}, {"product_name": "Personal Cloud Storage T1", "version": {"version_data": [{"version_affected": "<", "version_value": "5.3.6.t1"}]}}, {"product_name": "Personal Cloud Storage X1", "version": {"version_data": [{"version_affected": "<", "version_value": "5.3.8.x1"}]}}, {"product_name": "Personal Cloud Storage T2", "version": {"version_data": [{"version_affected": "<", "version_value": "5.3.8.t2"}]}}, {"product_name": "Personal Cloud Storage T2Pro", "version": {"version_data": [{"version_affected": "<", "version_value": "5.3.7.t2-pro"}]}}]}, "vendor_name": "Lenovo"}]}}, "credit": [{"lang": "eng", "value": "Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-798 Use of Hard-coded Credentials"}]}]}, "references": {"reference_data": [{"name": "https://iknow.lenovo.com.cn/detail/dc_200017.html", "refsource": "MISC", "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"}]}, "solution": [{"lang": "en", "value": "Update to the Lenovo Personal Cloud Storage device firmware listed in the product table  in LEN-73439."}], "source": {"advisory": "LEN-73439", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T03:38:50.139Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"}]}]}, "cveMetadata": {"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2021-42850", "datePublished": "2022-05-18T16:10:30", "dateReserved": "2021-10-22T00:00:00", "dateUpdated": "2024-08-04T03:38:50.139Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:a1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "26B4B1A2-26BB-4282-98E2-A1330A0B420A", "versionEndExcluding": "5.3.6.a1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:a1:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E4D45D6-C702-4093-BD49-50E237FD4D94", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:t1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "58D149F6-8029-4DCB-AE37-F094CE09CCDC", "versionEndExcluding": "5.3.6.t1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:t1:-:*:*:*:*:*:*:*", "matchCriteriaId": "5AA9C614-61D6-4329-9BAE-EB24A68FAE6B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:x1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "055D03D9-F4BE-4EAE-AF07-D8E807C0BF26", "versionEndExcluding": "5.3.8.x1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:x1:-:*:*:*:*:*:*:*", "matchCriteriaId": "282CCA7C-F1B8-4E0D-923D-36C1E630EBF4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:t2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DECB887A-404E-4DFA-B1F0-B12DC2376487", "versionEndExcluding": "5.3.8.t2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:t2:-:*:*:*:*:*:*:*", "matchCriteriaId": "1783634F-B40E-48C4-8102-8112C9BC95F4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:t2pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "44D09A84-C0BE-4EB6-99F8-30184D7C8A40", "versionEndExcluding": "5.3.7.t2-pro", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:t2pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "E31C853A-15FD-4D72-BA16-395A282E1E6B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access."}, {"lang": "es", "value": "En algunos dispositivos Lenovo Personal Cloud Storage fue reportado una contrase\u00f1a de administrador d\u00e9bil por defecto para la interfaz web y el puerto serie que podr\u00eda permitir el acceso no autorizado al dispositivo a un atacante con acceso f\u00edsico o a la red local"}], "id": "CVE-2021-42850", "lastModified": "2024-11-21T06:28:13.423", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "psirt@lenovo.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-18T16:15:08.303", "references": [{"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "psirt@lenovo.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}