CVE-2021-42850
First published: Wed May 18 2022(Updated: )
A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access.
Credit: psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo A1 Firmware | <5.3.6.a1 | |
| Lenovo A1 | ||
| Lenovo T1 Firmware | <5.3.6.t1 | |
| Lenovo T1 | ||
| Lenovo X1 Firmware | <5.3.8.x1 | |
| Lenovo X1 | ||
| Lenovo T2 Firmware | <5.3.8.t2 | |
| Lenovo T2 | ||
| Lenovo T2pro Firmware | <5.3.7.t2-pro | |
| Lenovo T2pro |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this weak default administrator password issue?
The vulnerability ID for this weak default administrator password issue is CVE-2021-42850.
What is the severity of CVE-2021-42850?
CVE-2021-42850 has a severity rating of 7.8 (High).
Which Lenovo Personal Cloud Storage devices are affected by CVE-2021-42850?
Lenovo Personal Cloud Storage devices with Lenovo A1 Firmware version up to 5.3.6.a1, Lenovo T1 Firmware version up to 5.3.6.t1, Lenovo X1 Firmware version up to 5.3.8.x1, and Lenovo T2pro Firmware version up to 5.3.7.t2-pro are affected by CVE-2021-42850.
How can an attacker exploit CVE-2021-42850?
An attacker with physical or local network access can exploit CVE-2021-42850 by using the weak default administrator password to gain unauthorized access to the affected Lenovo Personal Cloud Storage devices.
Is Lenovo A1, Lenovo T1, Lenovo X1, and Lenovo T2 affected by CVE-2021-42850?
No, Lenovo A1, Lenovo T1, Lenovo X1, and Lenovo T2 are not affected by CVE-2021-42850 as long as they are running the specified firmware versions.