CVE-2021-42849
First published: Wed May 18 2022(Updated: )
A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access.
Credit: psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo A1 Firmware | <5.3.6.a1 | |
| Lenovo A1 | ||
| Lenovo T1 Firmware | <5.3.6.t1 | |
| Lenovo T1 | ||
| Lenovo X1 Firmware | <5.3.8.x1 | |
| Lenovo X1 | ||
| Lenovo T2 Firmware | <5.3.8.t2 | |
| Lenovo T2 | ||
| Lenovo T2pro Firmware | <5.3.7.t2-pro | |
| Lenovo T2pro |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-42849?
CVE-2021-42849 is a vulnerability that involves a weak default password for the serial port in some Lenovo Personal Cloud Storage devices.
How does CVE-2021-42849 impact Lenovo Personal Cloud Storage devices?
CVE-2021-42849 allows unauthorized device access to an attacker with physical access.
What is the severity of CVE-2021-42849?
CVE-2021-42849 has a severity rating of 6.8, which is considered medium.
Which versions of Lenovo A1 Firmware are affected by CVE-2021-42849?
Lenovo A1 Firmware versions up to 5.3.6.a1 are affected by CVE-2021-42849.
Is Lenovo X1 affected by CVE-2021-42849?
No, Lenovo X1 is not affected by CVE-2021-42849.
How do I fix CVE-2021-42849?
To fix CVE-2021-42849, Lenovo Personal Cloud Storage device users should ensure that a strong password is set for the serial port.