Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Lenovo Subscribe
Filtered by product Iomega Storcenter Ix2
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-9077 1 Lenovo 22 Iomega Ez Media \& Backup Center, Iomega Storcenter Ix2, Iomega Storcenter Ix2-dl and 19 more 2024-02-28 9.3 HIGH 8.1 HIGH
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.
CVE-2018-9074 1 Lenovo 22 Iomega Ez Media \& Backup Center, Iomega Storcenter Ix2, Iomega Storcenter Ix2-dl and 19 more 2024-02-28 6.8 MEDIUM 6.5 MEDIUM
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device's operating system as the root user.
CVE-2018-9076 1 Lenovo 22 Iomega Ez Media \& Backup Center, Iomega Storcenter Ix2, Iomega Storcenter Ix2-dl and 19 more 2024-02-28 9.3 HIGH 8.1 HIGH
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.
CVE-2018-9075 1 Lenovo 22 Iomega Ez Media \& Backup Center, Iomega Storcenter Ix2, Iomega Storcenter Ix2-dl and 19 more 2024-02-28 9.3 HIGH 8.1 HIGH
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.