CVE-2021-42850

HIGH

Lenovo Personal Cloud Storage A1/T1/X1/T2/T2Pro Firmware - Use of Hard-coded Credentials

Description

A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access.

References (1)

Core References
Vendor Advisory x_refsource_misc
https://iknow.lenovo.com.cn/detail/dc_200017.html

Scores

CVSS v3 8.8
EPSS 0.0004
EPSS Percentile 13.0%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-798
Status published
Products (5)
lenovo/a1_firmware < 5.3.6.a1
lenovo/t1_firmware < 5.3.6.t1
lenovo/t2_firmware < 5.3.8.t2
lenovo/t2pro_firmware < 5.3.7.t2-pro
lenovo/x1_firmware < 5.3.8.x1
Published May 18, 2022
Tracked Since Feb 18, 2026