// For flags

CVE-2018-9075

Iomega and LenovoEMC NAS Web UI Vulnerabilities

Severity Score

8.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.

Para algunos dispositivos NAS Iomega, Lenovo y LenovoEMC en versiones 4.1.402.34662 y anteriores, al unirse a una instalación PersonalCloud, un atacante puede manipular una carga útil de inyección de comandos utilizando caracteres de comilla hacia atrás "``" en el parámetro client:password. Como resultado, podrían ejecutarse comandos arbitrarios como el usuario root. El ataque requiere un valor __c y un parámetro iomega.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-03-27 CVE Reserved
  • 2018-09-28 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Lenovo
Search vendor "Lenovo"
Lenovoemc Firmware
Search vendor "Lenovo" for product "Lenovoemc Firmware"
<= 4.1.402.34662
Search vendor "Lenovo" for product "Lenovoemc Firmware" and version " <= 4.1.402.34662"
-
Affected
in Lenovo
Search vendor "Lenovo"
Iomega Ez Media \& Backup Center
Search vendor "Lenovo" for product "Iomega Ez Media \& Backup Center"
--
Safe
Lenovo
Search vendor "Lenovo"
Lenovoemc Firmware
Search vendor "Lenovo" for product "Lenovoemc Firmware"
<= 4.1.402.34662
Search vendor "Lenovo" for product "Lenovoemc Firmware" and version " <= 4.1.402.34662"
-
Affected
in Lenovo
Search vendor "Lenovo"
Iomega Storcenter Ix2
Search vendor "Lenovo" for product "Iomega Storcenter Ix2"
--
Safe
Lenovo
Search vendor "Lenovo"
Lenovoemc Firmware
Search vendor "Lenovo" for product "Lenovoemc Firmware"
<= 4.1.402.34662
Search vendor "Lenovo" for product "Lenovoemc Firmware" and version " <= 4.1.402.34662"
-
Affected
in Lenovo
Search vendor "Lenovo"
Iomega Storcenter Ix2-dl
Search vendor "Lenovo" for product "Iomega Storcenter Ix2-dl"
--
Safe
Lenovo
Search vendor "Lenovo"
Lenovoemc Firmware
Search vendor "Lenovo" for product "Lenovoemc Firmware"
<= 4.1.402.34662
Search vendor "Lenovo" for product "Lenovoemc Firmware" and version " <= 4.1.402.34662"
-
Affected
in Lenovo
Search vendor "Lenovo"
Iomega Storcenter Ix4-300d
Search vendor "Lenovo" for product "Iomega Storcenter Ix4-300d"
--
Safe
Lenovo
Search vendor "Lenovo"
Lenovoemc Firmware
Search vendor "Lenovo" for product "Lenovoemc Firmware"
<= 4.1.402.34662
Search vendor "Lenovo" for product "Lenovoemc Firmware" and version " <= 4.1.402.34662"
-
Affected
in Lenovo
Search vendor "Lenovo"
Iomega Storcenter Px12-400r
Search vendor "Lenovo" for product "Iomega Storcenter Px12-400r"
--
Safe
Lenovo
Search vendor "Lenovo"
Lenovoemc Firmware
Search vendor "Lenovo" for product "Lenovoemc Firmware"
<= 4.1.402.34662
Search vendor "Lenovo" for product "Lenovoemc Firmware" and version " <= 4.1.402.34662"
-
Affected
in Lenovo
Search vendor "Lenovo"
Iomega Storcenter Px12-450r
Search vendor "Lenovo" for product "Iomega Storcenter Px12-450r"
--
Safe
Lenovo
Search vendor "Lenovo"
Lenovoemc Firmware
Search vendor "Lenovo" for product "Lenovoemc Firmware"
<= 4.1.402.34662
Search vendor "Lenovo" for product "Lenovoemc Firmware" and version " <= 4.1.402.34662"
-
Affected
in Lenovo
Search vendor "Lenovo"
Iomega Storcenter Px2-300d
Search vendor "Lenovo" for product "Iomega Storcenter Px2-300d"
--
Safe
Lenovo
Search vendor "Lenovo"
Lenovoemc Firmware
Search vendor "Lenovo" for product "Lenovoemc Firmware"
<= 4.1.402.34662
Search vendor "Lenovo" for product "Lenovoemc Firmware" and version " <= 4.1.402.34662"
-
Affected
in Lenovo
Search vendor "Lenovo"
Iomega Storcenter Px4-300d
Search vendor "Lenovo" for product "Iomega Storcenter Px4-300d"
--
Safe
Lenovo
Search vendor "Lenovo"
Lenovoemc Firmware
Search vendor "Lenovo" for product "Lenovoemc Firmware"
<= 4.1.402.34662
Search vendor "Lenovo" for product "Lenovoemc Firmware" and version " <= 4.1.402.34662"
-
Affected
in Lenovo
Search vendor "Lenovo"
Iomega Storcenter Px4-300r
Search vendor "Lenovo" for product "Iomega Storcenter Px4-300r"
--
Safe
Lenovo
Search vendor "Lenovo"
Lenovoemc Firmware
Search vendor "Lenovo" for product "Lenovoemc Firmware"
<= 4.1.402.34662
Search vendor "Lenovo" for product "Lenovoemc Firmware" and version " <= 4.1.402.34662"
-
Affected
in Lenovo
Search vendor "Lenovo"
Iomega Storcenter Px6-300d
Search vendor "Lenovo" for product "Iomega Storcenter Px6-300d"
--
Safe
Lenovo
Search vendor "Lenovo"
Lenovoemc Firmware
Search vendor "Lenovo" for product "Lenovoemc Firmware"
<= 4.1.402.34662
Search vendor "Lenovo" for product "Lenovoemc Firmware" and version " <= 4.1.402.34662"
-
Affected
in Lenovo
Search vendor "Lenovo"
Lenovo Ez Media \& Backup Center
Search vendor "Lenovo" for product "Lenovo Ez Media \& Backup Center"
--
Safe
Lenovo
Search vendor "Lenovo"
Lenovoemc Firmware
Search vendor "Lenovo" for product "Lenovoemc Firmware"
<= 4.1.402.34662
Search vendor "Lenovo" for product "Lenovoemc Firmware" and version " <= 4.1.402.34662"
-
Affected
in Lenovo
Search vendor "Lenovo"
Lenovo Ix2
Search vendor "Lenovo" for product "Lenovo Ix2"
--
Safe
Lenovo
Search vendor "Lenovo"
Lenovoemc Firmware
Search vendor "Lenovo" for product "Lenovoemc Firmware"
<= 4.1.402.34662
Search vendor "Lenovo" for product "Lenovoemc Firmware" and version " <= 4.1.402.34662"
-
Affected
in Lenovo
Search vendor "Lenovo"
Lenovo Ix4-300d
Search vendor "Lenovo" for product "Lenovo Ix4-300d"
--
Safe
Lenovo
Search vendor "Lenovo"
Lenovoemc Firmware
Search vendor "Lenovo" for product "Lenovoemc Firmware"
<= 4.1.402.34662
Search vendor "Lenovo" for product "Lenovoemc Firmware" and version " <= 4.1.402.34662"
-
Affected
in Lenovo
Search vendor "Lenovo"
Lenovoemc Px12-400r
Search vendor "Lenovo" for product "Lenovoemc Px12-400r"
--
Safe
Lenovo
Search vendor "Lenovo"
Lenovoemc Firmware
Search vendor "Lenovo" for product "Lenovoemc Firmware"
<= 4.1.402.34662
Search vendor "Lenovo" for product "Lenovoemc Firmware" and version " <= 4.1.402.34662"
-
Affected
in Lenovo
Search vendor "Lenovo"
Lenovoemc Px12-450r
Search vendor "Lenovo" for product "Lenovoemc Px12-450r"
--
Safe
Lenovo
Search vendor "Lenovo"
Lenovoemc Firmware
Search vendor "Lenovo" for product "Lenovoemc Firmware"
<= 4.1.402.34662
Search vendor "Lenovo" for product "Lenovoemc Firmware" and version " <= 4.1.402.34662"
-
Affected
in Lenovo
Search vendor "Lenovo"
Lenovoemc Px2-300d
Search vendor "Lenovo" for product "Lenovoemc Px2-300d"
--
Safe
Lenovo
Search vendor "Lenovo"
Lenovoemc Firmware
Search vendor "Lenovo" for product "Lenovoemc Firmware"
<= 4.1.402.34662
Search vendor "Lenovo" for product "Lenovoemc Firmware" and version " <= 4.1.402.34662"
-
Affected
in Lenovo
Search vendor "Lenovo"
Lenovoemc Px4-300d
Search vendor "Lenovo" for product "Lenovoemc Px4-300d"
--
Safe
Lenovo
Search vendor "Lenovo"
Lenovoemc Firmware
Search vendor "Lenovo" for product "Lenovoemc Firmware"
<= 4.1.402.34662
Search vendor "Lenovo" for product "Lenovoemc Firmware" and version " <= 4.1.402.34662"
-
Affected
in Lenovo
Search vendor "Lenovo"
Lenovoemc Px4-300r
Search vendor "Lenovo" for product "Lenovoemc Px4-300r"
--
Safe
Lenovo
Search vendor "Lenovo"
Lenovoemc Firmware
Search vendor "Lenovo" for product "Lenovoemc Firmware"
<= 4.1.402.34662
Search vendor "Lenovo" for product "Lenovoemc Firmware" and version " <= 4.1.402.34662"
-
Affected
in Lenovo
Search vendor "Lenovo"
Lenovoemc Px4-400d
Search vendor "Lenovo" for product "Lenovoemc Px4-400d"
--
Safe
Lenovo
Search vendor "Lenovo"
Lenovoemc Firmware
Search vendor "Lenovo" for product "Lenovoemc Firmware"
<= 4.1.402.34662
Search vendor "Lenovo" for product "Lenovoemc Firmware" and version " <= 4.1.402.34662"
-
Affected
in Lenovo
Search vendor "Lenovo"
Lenovoemc Px4-400r
Search vendor "Lenovo" for product "Lenovoemc Px4-400r"
--
Safe
Lenovo
Search vendor "Lenovo"
Lenovoemc Firmware
Search vendor "Lenovo" for product "Lenovoemc Firmware"
<= 4.1.402.34662
Search vendor "Lenovo" for product "Lenovoemc Firmware" and version " <= 4.1.402.34662"
-
Affected
in Lenovo
Search vendor "Lenovo"
Lenovoemc Px6-300d
Search vendor "Lenovo" for product "Lenovoemc Px6-300d"
--
Safe