1. Home
  2. CVE Database
  3. CVE-2018-9076
HIGH · 8.1

CVE-2018-9076

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters i...

Vulnerability Description

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.

CVSS Score

8.1

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
LenovoLenovoemc Firmware<= 4.1.402.34662
LenovoIomega Ez Media \& Backup Center-
LenovoIomega Storcenter Ix2-
LenovoIomega Storcenter Ix2-Dl-
LenovoIomega Storcenter Ix4-300D-
LenovoIomega Storcenter Px12-400R-
LenovoIomega Storcenter Px12-450R-
LenovoIomega Storcenter Px2-300D-
LenovoIomega Storcenter Px4-300D-
LenovoIomega Storcenter Px4-300R-
LenovoIomega Storcenter Px6-300D-
LenovoLenovo Ez Media \& Backup Center-
LenovoLenovo Ix2-
LenovoLenovo Ix4-300D-
LenovoLenovoemc Px12-400R-
LenovoLenovoemc Px12-450R-
LenovoLenovoemc Px2-300D-
LenovoLenovoemc Px4-300D-
LenovoLenovoemc Px4-300R-
LenovoLenovoemc Px4-400D-

Related Weaknesses (CWE)

CWE-78

References

FAQ

What is CVE-2018-9076?

CVE-2018-9076 is a vulnerability with a CVSS score of 8.1 (HIGH). For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters i...

How severe is CVE-2018-9076?

CVE-2018-9076 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-9076?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Lenovoemc Firmware, Lenovo Iomega Ez Media \& Backup Center, Lenovo Iomega Storcenter Ix2, Lenovo Iomega Storcenter Ix2-Dl, Lenovo Iomega Storcenter Ix4-300D.