Vulnerability Description
A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | A1 Firmware | < 5.3.6.a1 |
| Lenovo | A1 | - |
| Lenovo | T1 Firmware | < 5.3.6.t1 |
| Lenovo | T1 | - |
| Lenovo | X1 Firmware | < 5.3.8.x1 |
| Lenovo | X1 | - |
| Lenovo | T2 Firmware | < 5.3.8.t2 |
| Lenovo | T2 | - |
| Lenovo | T2Pro Firmware | < 5.3.7.t2-pro |
| Lenovo | T2Pro | - |
Related Weaknesses (CWE)
References
- https://iknow.lenovo.com.cn/detail/dc_200017.htmlVendor Advisory
- https://iknow.lenovo.com.cn/detail/dc_200017.htmlVendor Advisory
FAQ
What is CVE-2021-42849?
CVE-2021-42849 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access.
How severe is CVE-2021-42849?
CVE-2021-42849 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-42849?
Check the references section above for vendor advisories and patch information. Affected products include: Lenovo A1 Firmware, Lenovo A1, Lenovo T1 Firmware, Lenovo T1, Lenovo X1 Firmware.