CVE-2021-42852

A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:lenovo:a1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:a1:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:lenovo:t1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:t1:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:lenovo:x1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:x1:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:lenovo:t2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:t2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:lenovo:t2pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:t2pro:-:*:*:*:*:*:*:*

Information

Published : 2022-05-18 09:15

Updated : 2022-05-25 21:52


NVD link : CVE-2021-42852

Mitre link : CVE-2021-42852


JSON object : View

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Advertisement

dedicated server usa

Products Affected

lenovo

  • t2pro
  • a1
  • t2pro_firmware
  • x1_firmware
  • t1
  • x1
  • t2
  • a1_firmware
  • t1_firmware
  • t2_firmware