CVE-2021-42852

A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device...

Information disclosure

An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details...

Default credentials

A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access...

Default credentials

A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access...

Command injection

A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device...

CVE-2021-42852

A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device...

CVE-2021-42852

CVE-2021-42852 applies to Lenovo Personal Cloud Storage devices, where an authenticated user can trigger command execution by sending a crafted packet to the device. The affected component is the device’s handling of incoming packets that leads to command injection, with the impact described as f...

CVE-2021-42851

Technical details about CVE-2021-42851 are not publicly provided in the supplied documents. No specific affected versions, root cause, impact, or fixes are disclosed here. Monitor for updates.

CVE-2021-42850

A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access...

CVE-2021-42850

Lenovo Personal Cloud Storage devices are described as vulnerable due to a weak default administrator password for the web interface and serial port, which could allow unauthorized device access from physical or local network access. Root cause stated: insecure default credentials. Impact implied...

CVE-2021-42849

Lenovo Personal Cloud Storage is affected by CVE-2021-42849 due to a weak default password on the serial port, enabling unauthorized device access with physical access. Public details across connected docs confirm the issue but do not specify a vendor fix or affected versions. One entry notes no ...

CVE-2021-42848

Technical details about CVE-2021-42848 are not publicly available in the provided documents. Monitor for updates from Lenovo and CVE feeds for affected products, versions, and remediation.

PT-2022-11707 · Lenovo · Lenovo Personal Cloud Storage

Name of the Vulnerable Software and Affected Versions: Lenovo Personal Cloud Storage devices affected versions not specified Description: A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account...

Lenovo Personal Cloud Storage 安全漏洞

Lenovo Personal Cloud Storage Lenovo Personal Cloud Storage is a personal cloud storage from Lenovo, a Chinese company. Lenovo Personal Cloud Storage has a security vulnerability that could be exploited to allow an unauthenticated user to create a standard user account...

Owncloud ownCloud Access Control Error Vulnerability

Owncloud is a personal cloud storage solution from Owncloud, a U.S. company. versions prior to Owncloud 2.20 contain an access control error vulnerability that could be exploited by attackers to access the application's internal files...

CVE-2021-32802

Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file content. For some image types, the Nextcloud server was invoking a third-party library that wasn't suited for untrusted user-supplied content. There are several...

CVE-2021-32801

Nextcloud server is an open source, self hosted personal cloud. In affected versions logging of exceptions may have resulted in logging potentially sensitive key material for the Nextcloud Encryption-at-Rest functionality. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4...

Code injection

Nextcloud server is an open source, self hosted personal cloud. In affected versions logging of exceptions may have resulted in logging potentially sensitive key material for the Nextcloud Encryption-at-Rest functionality. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4...

OwnCloud Code Issues Vulnerabilities

Owncloud OwnCloud is a suite of personal cloud storage solutions from OwnCloud USA. A code issue vulnerability exists in OwnCloud that stems from a server-side request forgery vulnerability in the service. No detailed vulnerability details are available at this time...

Western Digital My Cloud OS 5 Licensing Issue Vulnerability

Western Digital My Cloud is a personal cloud storage device from Western Digital, Inc. An authorization issue vulnerability exists in versions prior to Western Digital My Cloud OS 5.07.118, which could be exploited by attackers to gain access to the device...