User Account Creation Vulnerability in Lenovo Personal Cloud Storage Devices
CVE-2021-42851

6.3MEDIUM

Key Information:

Vendor: Lenovo
Status: Personal Cloud Storage A1; Personal Cloud Storage T1; Personal Cloud Storage X1; Personal Cloud Storage T2
Vendor: CVE Published:; 18 May 2022

Summary

A security vulnerability has been identified in certain Lenovo Personal Cloud Storage devices, allowing unauthenticated users to create standard user accounts. This flaw could potentially expose sensitive data and compromise user privacy. Users are urged to apply necessary updates to secure their devices.

Affected Version(s)

Personal Cloud Storage A1 < 5.3.6.a1

Personal Cloud Storage T1 < 5.3.6.t1

Personal Cloud Storage T2 < 5.3.8.t2

References

https://iknow.lenovo.com.cn/detail/dc_200017.html

x_refsource_MISC

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 18, 2022
Vulnerability Reserved
Oct 22, 2021

Credit

Lenovo thanks Kais and KT of 360 Vulcan Team for reporting this issue.