Information disclosure

2019-08-1916:15:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.1%

JSON

An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file systems and their contents.

CPENameOperatorVersion
home_media_network_hard_drive_firmwareeq3.2.16.30221
ix12-300r_firmwareeq4.0.24.34808
px12-350r_firmwareeq4.0.24.34808
storecenter_ix2-200_firmwareeq3.2.16.30221
storecenter_ix2-200_firmwareeq2.1.50.30227
storecenter_ix4-200d_firmwareeq3.2.16.30221
storecenter_ix4-200d_firmwareeq2.1.50.30227
storecenter_ix4-200rl_firmwareeq2.1.50.30227

Name	Operator	Version
home_media_network_hard_drive_firmware	eq	3.2.16.30221
ix12-300r_firmware	eq	4.0.24.34808
px12-350r_firmware	eq	4.0.24.34808
storecenter_ix2-200_firmware	eq	3.2.16.30221
storecenter_ix2-200_firmware	eq	2.1.50.30227
storecenter_ix4-200d_firmware	eq	3.2.16.30221
storecenter_ix4-200d_firmware	eq	2.1.50.30227
storecenter_ix4-200rl_firmware	eq	2.1.50.30227

References

support.lenovo.com/solutions/LEN-25557