CVE-2019-6178

MEDIUM

Lenovo Iomega and LenovoEMC NAS - Information Disclosure via Personal Cloud API

Title source: llm
STIX 2.1

Description

An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file systems and their contents.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.lenovo.com/solutions/LEN-25557

Scores

CVSS v3 5.3
EPSS 0.0024
EPSS Percentile 46.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

Status published
Products (8)
lenovo/home_media_network_hard_drive_firmware 3.2.16.30221
lenovo/ix12-300r_firmware 4.0.24.34808
lenovo/px12-350r_firmware 4.0.24.34808
lenovo/storecenter_ix2-200_firmware 3.2.16.30221
lenovo/storecenter_ix2-200_firmware 2.1.50.30227
lenovo/storecenter_ix4-200d_firmware 3.2.16.30221
lenovo/storecenter_ix4-200d_firmware 2.1.50.30227
lenovo/storecenter_ix4-200rl_firmware 2.1.50.30227
Published Aug 19, 2019
Tracked Since Feb 18, 2026