What is the severity of CVE-2018-9074?

CVE-2018-9074 is classified as a high severity vulnerability due to its potential to allow unauthorized file uploads as the root user.

How do I fix CVE-2018-9074?

To remediate CVE-2018-9074, upgrade your affected Lenovo or Iomega NAS device firmware to version 4.1.402.34663 or later.

Which devices are affected by CVE-2018-9074?

CVE-2018-9074 affects Lenovo and Iomega NAS devices running firmware versions up to and including 4.1.402.34662.

What consequences can occur if CVE-2018-9074 is exploited?

Exploitation of CVE-2018-9074 may allow attackers to upload arbitrary files, potentially leading to unauthorized access and compromise of the device.

How can I check if my device is vulnerable to CVE-2018-9074?

You can check if your device is vulnerable to CVE-2018-9074 by verifying the installed firmware version against the known vulnerable versions.

Vulnerability/
CVE-2018-9074

medium

6.8

CWE

28/9/2018

5/8/2024

CVE-2018-9074: Iomega and LenovoEMC NAS Web UI Vulnerabilities

First published: Fri Sep 28 2018(Updated: )

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device's operating system as the root user.

Credit: psirt@lenovo.com

Affected Software	Affected Version	How to fix
Lenovo LenovoEMC firmware	<=4.1.402.34662
Lenovo Iomega ez media \& backup center
Lenovo Iomega storcenter ix2
Lenovo Iomega storcenter ix2-dl
Lenovo EMC ix4-300d
Lenovo EMC px12-400r IVX
Lenovo EMC px12-450r
Lenovo Iomega storcenter px2-300d
Lenovo Iomega storcenter px4-300d
Lenovo Iomega storcenter px4-300r
Lenovo Iomega storcenter px6-300d
Lenovo Lenovo ez media \& backup center
Lenovo EMC ix2/ix2-dl
Lenovo EMC ix4-300d
Lenovo LenovoEMC px12-400r
Lenovo LenovoEMC px12-450r
Lenovo EMC px2-300d
Lenovo EMC px4-300d
Lenovo EMC px4-300r
Lenovo EMC px4-400d
Lenovo EMC px4-400r
Lenovo EMC px6-300d

Never miss a vulnerability like this again

Reference Links

https://support.lenovo.com/us/en/solutions/LEN-24224

Frequently Asked Questions

What is the severity of CVE-2018-9074?
CVE-2018-9074 is classified as a high severity vulnerability due to its potential to allow unauthorized file uploads as the root user.
How do I fix CVE-2018-9074?
To remediate CVE-2018-9074, upgrade your affected Lenovo or Iomega NAS device firmware to version 4.1.402.34663 or later.
Which devices are affected by CVE-2018-9074?
CVE-2018-9074 affects Lenovo and Iomega NAS devices running firmware versions up to and including 4.1.402.34662.
What consequences can occur if CVE-2018-9074 is exploited?
Exploitation of CVE-2018-9074 may allow attackers to upload arbitrary files, potentially leading to unauthorized access and compromise of the device.
How can I check if my device is vulnerable to CVE-2018-9074?
You can check if your device is vulnerable to CVE-2018-9074 by verifying the installed firmware version against the known vulnerable versions.

agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/weakness
agent/title
agent/severity
agent/author
agent/references
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/lenovo
canonical/lenovo lenovoemc firmware
version/lenovo lenovoemc firmware/4.1.402.34662
canonical/lenovo iomega ez media \& backup center
canonical/lenovo iomega storcenter ix2
canonical/lenovo iomega storcenter ix2-dl
canonical/lenovo emc ix4-300d
canonical/lenovo emc px12-400r ivx
canonical/lenovo emc px12-450r
canonical/lenovo iomega storcenter px2-300d
canonical/lenovo iomega storcenter px4-300d
canonical/lenovo iomega storcenter px4-300r
canonical/lenovo iomega storcenter px6-300d
canonical/lenovo lenovo ez media \& backup center
canonical/lenovo emc ix2/ix2-dl
canonical/lenovo lenovoemc px12-400r
canonical/lenovo lenovoemc px12-450r
canonical/lenovo emc px2-300d
canonical/lenovo emc px4-300d
canonical/lenovo emc px4-300r
canonical/lenovo emc px4-400d
canonical/lenovo emc px4-400r
canonical/lenovo emc px6-300d

Frequently Asked Questions

What is the severity of CVE-2018-9074?
CVE-2018-9074 is classified as a high severity vulnerability due to its potential to allow unauthorized file uploads as the root user.
How do I fix CVE-2018-9074?
To remediate CVE-2018-9074, upgrade your affected Lenovo or Iomega NAS device firmware to version 4.1.402.34663 or later.
Which devices are affected by CVE-2018-9074?
CVE-2018-9074 affects Lenovo and Iomega NAS devices running firmware versions up to and including 4.1.402.34662.
What consequences can occur if CVE-2018-9074 is exploited?
Exploitation of CVE-2018-9074 may allow attackers to upload arbitrary files, potentially leading to unauthorized access and compromise of the device.
How can I check if my device is vulnerable to CVE-2018-9074?
You can check if your device is vulnerable to CVE-2018-9074 by verifying the installed firmware version against the known vulnerable versions.

CVE-2018-9074: Iomega and LenovoEMC NAS Web UI Vulnerabilities

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-9074?

How do I fix CVE-2018-9074?

Which devices are affected by CVE-2018-9074?

What consequences can occur if CVE-2018-9074 is exploited?

How can I check if my device is vulnerable to CVE-2018-9074?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2018-9074?

How do I fix CVE-2018-9074?

Which devices are affected by CVE-2018-9074?

What consequences can occur if CVE-2018-9074 is exploited?

How can I check if my device is vulnerable to CVE-2018-9074?