Vulnerability Description
A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device.
CVSS Score
8.0 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | A1 Firmware | < 5.3.6.a1 |
| Lenovo | A1 | - |
| Lenovo | T1 Firmware | < 5.3.6.t1 |
| Lenovo | T1 | - |
| Lenovo | X1 Firmware | < 5.3.8.x1 |
| Lenovo | X1 | - |
| Lenovo | T2 Firmware | < 5.3.8.t2 |
| Lenovo | T2 | - |
| Lenovo | T2Pro Firmware | < 5.3.7.t2-pro |
| Lenovo | T2Pro | - |
Related Weaknesses (CWE)
References
- https://iknow.lenovo.com.cn/detail/dc_200017.html (Vendor Advisory)
FAQ
What is CVE-2021-42852?
CVE-2021-42852 is a vulnerability with a CVSS score of 8.0 (HIGH). A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to ...
How severe is CVE-2021-42852?
CVE-2021-42852 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-42852?
Check the references section above for vendor advisories and patch information. Affected products include: Lenovo A1 Firmware, Lenovo A1, Lenovo T1 Firmware, Lenovo T1, Lenovo X1 Firmware.