8.8
CVE-2021-42850
- EPSS 0.04%
- Veröffentlicht 18.05.2022 16:15:08
- Zuletzt bearbeitet 21.11.2024 06:28:13
- Quelle psirt@lenovo.com
- Teams Watchlist Login
- Unerledigt Login
A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Lenovo ≫ A1 Firmware Version < 5.3.6.a1
Lenovo ≫ T1 Firmware Version < 5.3.6.t1
Lenovo ≫ X1 Firmware Version < 5.3.8.x1
Lenovo ≫ T2 Firmware Version < 5.3.8.t2
Lenovo ≫ T2pro Firmware Version < 5.3.7.t2-pro
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.116 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
| psirt@lenovo.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.