Vulnerability Description
An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | A1 Firmware | < 5.3.6.a1 |
| Lenovo | A1 | - |
| Lenovo | T1 Firmware | < 5.3.6.t1 |
| Lenovo | T1 | - |
| Lenovo | X1 Firmware | < 5.3.8.x1 |
| Lenovo | X1 | - |
| Lenovo | T2 Firmware | < 5.3.8.t2 |
| Lenovo | T2 | - |
| Lenovo | T2Pro Firmware | < 5.3.7.t2-pro |
| Lenovo | T2Pro | - |
Related Weaknesses (CWE)
References
- https://iknow.lenovo.com.cn/detail/dc_200017.htmlVendor Advisory
- https://iknow.lenovo.com.cn/detail/dc_200017.htmlVendor Advisory
FAQ
What is CVE-2021-42848?
CVE-2021-42848 is a vulnerability with a CVSS score of 4.3 (MEDIUM). An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details.
How severe is CVE-2021-42848?
CVE-2021-42848 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-42848?
Check the references section above for vendor advisories and patch information. Affected products include: Lenovo A1 Firmware, Lenovo A1, Lenovo T1 Firmware, Lenovo T1, Lenovo X1 Firmware.