CVE-2021-42850 HIGH

CVE-2021-42850

Vendor Lenovo

Product Personal Cloud Storage A1

Weakness CWE-798 · Hardcoded credentials

Published May 18, 2022

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Adjacent

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access.

Key dates

02Disclosure timeline

May 18, 2022 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-42850 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/798.html

Related vulnerabilities

Identifiers

CVE CVE-2021-42850

CWE CWE-798

CVSS 8.8 / HIGH

Affected versions

Vendor Lenovo

Product Personal Cloud Storage A1

Affected ≥ unspecified and < 5.3.6.a1

Vendor Lenovo

Product Personal Cloud Storage T1

Affected ≥ unspecified and < 5.3.6.t1

Vendor Lenovo

Product Personal Cloud Storage X1

Affected ≥ unspecified and < 5.3.8.x1

Vendor Lenovo

Product Personal Cloud Storage T2

Affected ≥ unspecified and < 5.3.8.t2

Vendor Lenovo

Product Personal Cloud Storage T2Pro

Affected ≥ unspecified and < 5.3.7.t2-pro

CVE-2021-42850

01Description

02Disclosure timeline

03References

04Related CVE