Weak Default Password Vulnerability in Lenovo Personal Cloud Storage Devices
CVE-2021-42849

6.8MEDIUM

Key Information:

Vendor: Lenovo
Status: Personal Cloud Storage A1; Personal Cloud Storage T1; Personal Cloud Storage X1; Personal Cloud Storage T2
Vendor: CVE Published:; 18 May 2022

What is CVE-2021-42849?

A vulnerability has been identified in certain Lenovo Personal Cloud Storage devices where a weak default password is set for the serial port. This security flaw may allow an attacker with physical access to the device to gain unauthorized access, potentially compromising the security of sensitive data stored on the device. Users are advised to change the default password to mitigate this risk and safeguard their personal information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Personal Cloud Storage A1 < 5.3.6.a1

Personal Cloud Storage T1 < 5.3.6.t1

Personal Cloud Storage T2 < 5.3.8.t2

References

https://iknow.lenovo.com.cn/detail/dc_200017.html

x_refsource_MISC

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 18, 2022
Vulnerability Reserved
Oct 22, 2021

Credit

Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue.

JSON

Lenovo

What is CVE-2021-42849?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.