Weak Default Administrator Credentials in Lenovo Personal Cloud Storage
CVE-2021-42850

8.8HIGH

Key Information:

Vendor: Lenovo
Status: Personal Cloud Storage A1; Personal Cloud Storage T1; Personal Cloud Storage X1; Personal Cloud Storage T2
Vendor: CVE Published:; 18 May 2022

Summary

A weak default administrator password has been identified in certain Lenovo Personal Cloud Storage devices, potentially exposing these devices to unauthorized access by an attacker with physical or local network access. This vulnerability may allow attackers to gain control of the system, leading to potential data breaches and security risks. Users are urged to change their default credentials to secure their devices from potential exploitation.

Affected Version(s)

Personal Cloud Storage A1 < 5.3.6.a1

Personal Cloud Storage T1 < 5.3.6.t1

Personal Cloud Storage T2 < 5.3.8.t2

References

https://iknow.lenovo.com.cn/detail/dc_200017.html

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 18, 2022
Vulnerability Reserved
Oct 22, 2021

Credit

Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue.