Design/Logic Flaw

2018-09-2820:29:00

PRIOn knowledge base

www.prio-n.com

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.8%

JSON

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the origin of the device.

CPENameOperatorVersion
ez_media_\\&_backup_center_firmwareeq4.1.402.34662
ez_media_\\&_backup_center_firmwareeq4.1.402.34662
ix2_firmwareeq4.1.402.34662
ix4-300d_firmwareeq4.1.402.34662
px12-400r_firmwareeq4.1.402.34662
px12-450r_firmwareeq4.1.402.34662
px2-300d_firmwareeq4.1.402.34662
px4-300d_firmwareeq4.1.402.34662
px4-300r_firmwareeq4.1.402.34662
px4-400d_firmwareeq4.1.402.34662

Name	Operator	Version
ez_media_\\&_backup_center_firmware	eq	4.1.402.34662
ez_media_\\&_backup_center_firmware	eq	4.1.402.34662
ix2_firmware	eq	4.1.402.34662
ix4-300d_firmware	eq	4.1.402.34662
px12-400r_firmware	eq	4.1.402.34662
px12-450r_firmware	eq	4.1.402.34662
px2-300d_firmware	eq	4.1.402.34662
px4-300d_firmware	eq	4.1.402.34662
px4-300r_firmware	eq	4.1.402.34662
px4-400d_firmware	eq	4.1.402.34662