MEDIUM · 6.5

CVE-2018-9074

Vulnerability Description

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device's operating system as the root user.

CVSS Score

6.5 MEDIUM

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: HIGH
Availability: NONE

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Lenovo | Lenovoemc Firmware | <= 4.1.402.34662 |
| Lenovo | Iomega Ez Media & Backup Center | - |
| Lenovo | Iomega Storcenter Ix2 | - |
| Lenovo | Iomega Storcenter Ix2-Dl | - |
| Lenovo | Iomega Storcenter Ix4-300D | - |
| Lenovo | Iomega Storcenter Px12-400R | - |
| Lenovo | Iomega Storcenter Px12-450R | - |
| Lenovo | Iomega Storcenter Px2-300D | - |
| Lenovo | Iomega Storcenter Px4-300D | - |
| Lenovo | Iomega Storcenter Px4-300R | - |
| Lenovo | Iomega Storcenter Px6-300D | - |
| Lenovo | Lenovo Ez Media & Backup Center | - |
| Lenovo | Lenovo Ix2 | - |
| Lenovo | Lenovo Ix4-300D | - |
| Lenovo | Lenovoemc Px12-400R | - |
| Lenovo | Lenovoemc Px12-450R | - |
| Lenovo | Lenovoemc Px2-300D | - |
| Lenovo | Lenovoemc Px4-300D | - |
| Lenovo | Lenovoemc Px4-300R | - |
| Lenovo | Lenovoemc Px4-400D | - |

Related Weaknesses (CWE)

References

FAQ

What is CVE-2018-9074?

CVE-2018-9074 is a vulnerability with a CVSS score of 6.5 (MEDIUM). For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users...

How severe is CVE-2018-9074?

CVE-2018-9074 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2018-9074?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Lenovoemc Firmware, Lenovo Iomega Ez Media & Backup Center, Lenovo Iomega Storcenter Ix2, Lenovo Iomega Storcenter Ix2-Dl, Lenovo Iomega Storcenter Ix4-300D.