CVE-2021-42848
MEDIUMLenovo Personal Cloud Storage A1/T1/X1/T2/T2Pro Firmware < 5.3.8 - Unauthenticated Information Disclosure
Title source: llmDescription
An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://iknow.lenovo.com.cn/detail/dc_200017.html
Scores
CVSS v3
4.3
EPSS
0.0021
EPSS Percentile
43.4%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-862
Status
published
Products (5)
lenovo/a1_firmware
< 5.3.6.a1
lenovo/t1_firmware
< 5.3.6.t1
lenovo/t2_firmware
< 5.3.8.t2
lenovo/t2pro_firmware
< 5.3.7.t2-pro
lenovo/x1_firmware
< 5.3.8.x1
Published
May 18, 2022
Tracked Since
Feb 18, 2026