CVE-2021-42851
MEDIUMLenovo Personal Cloud Storage A1/T1/X1/T2/T2Pro Firmware < 5.3.8 - Unauthenticated Account Creation
Title source: llmDescription
A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://iknow.lenovo.com.cn/detail/dc_200017.html
Scores
CVSS v3
6.3
EPSS
0.0036
EPSS Percentile
58.1%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-862
Status
published
Products (5)
lenovo/a1_firmware
< 5.3.6.a1
lenovo/t1_firmware
< 5.3.6.t1
lenovo/t2_firmware
< 5.3.8.t2
lenovo/t2pro_firmware
< 5.3.7.t2-pro
lenovo/x1_firmware
< 5.3.8.x1
Published
May 18, 2022
Tracked Since
Feb 18, 2026