CVE-2021-42848
First published: Wed May 18 2022(Updated: )
An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details.
Credit: psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo A1 Firmware | <5.3.6.a1 | |
| Lenovo A1 | ||
| Lenovo T1 Firmware | <5.3.6.t1 | |
| Lenovo T1 | ||
| Lenovo X1 Firmware | <5.3.8.x1 | |
| Lenovo X1 | ||
| Lenovo T2 Firmware | <5.3.8.t2 | |
| Lenovo T2 | ||
| Lenovo T2pro Firmware | <5.3.7.t2-pro | |
| Lenovo T2pro |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-42848?
CVE-2021-42848 is an information disclosure vulnerability affecting some Lenovo Personal Cloud Storage devices.
How can an unauthenticated user exploit CVE-2021-42848?
An unauthenticated user can exploit CVE-2021-42848 to retrieve device and networking details.
Which Lenovo devices are affected by CVE-2021-42848?
CVE-2021-42848 affects Lenovo Personal Cloud Storage devices with the following firmware versions: A1 Firmware up to 5.3.6.a1, T1 Firmware up to 5.3.6.t1, X1 Firmware up to 5.3.8.x1, and T2pro Firmware up to 5.3.7.t2-pro.
What is the severity of CVE-2021-42848?
CVE-2021-42848 has a severity rating of 5.3 (medium).
How can I fix CVE-2021-42848?
To fix CVE-2021-42848, Lenovo users should apply the latest firmware update provided by Lenovo.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/event
- vendor/lenovo
- canonical/lenovo a1 firmware
- canonical/lenovo a1
- canonical/lenovo t1 firmware
- canonical/lenovo t1
- canonical/lenovo x1 firmware
- canonical/lenovo x1
- canonical/lenovo t2 firmware
- canonical/lenovo t2
- canonical/lenovo t2pro firmware
- canonical/lenovo t2pro