CVE-2021-3617

HIGH

Lenovo Smart Camera X3, X5, and C2E Firmware < 01.03.29.16 - OS Command Injection via Network Configuration

Title source: llm
STIX 2.1

Description

A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow command injection by setting a specially crafted network configuration. This vulnerability is the same as CNVD-2020-68652.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_misc
https://iknow.lenovo.com.cn/detail/dc_198417.html
Not Applicable x_refsource_misc
https://www.cnvd.org.cn/flaw/show/CNVD-2020-68652

Scores

CVSS v3 7.2
EPSS 0.0168
EPSS Percentile 82.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78 CWE-77
Status published
Products (3)
lenovo/smart_camera_c2e_firmware < 01.03.29.16
lenovo/smart_camera_x3_firmware < 01.03.29.16
lenovo/smart_camera_x5_firmware < 01.03.29.16
Published Aug 17, 2021
Tracked Since Feb 18, 2026