Description
A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://support.lenovo.com/solutions/LEN-25557
Scores
CVSS v3
8.8
EPSS
0.0041
EPSS Percentile
61.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
Status
published
Products (8)
lenovo/home_media_network_hard_drive_firmware
< 3.2.16.30221
lenovo/ix12-300r_firmware
< 4.0.24.34808
lenovo/px12-350r_firmware
< 4.0.24.34808
lenovo/storcenter_ix2-200_firmware
< 2.1.50.30227
lenovo/storcenter_ix2-200_firmware
< 3.2.16.30221
lenovo/storcenter_ix4-200d_firmware
< 2.1.50.30227
lenovo/storcenter_ix4-200d_firmware
< 3.2.16.30221
lenovo/storcenter_ix4-200rl_firmware
< 2.1.50.30227
Published
Jul 16, 2019
Tracked Since
Feb 18, 2026