Vulnerability Details CVE-2018-9074
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device's operating system as the root user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.2%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 6.8
References
Products affected by CVE-2018-9074
-
cpe:2.3:h:lenovo:iomega_ez_media_&_backup_center:-
-
cpe:2.3:h:lenovo:iomega_storcenter_ix2-dl:-
-
cpe:2.3:h:lenovo:iomega_storcenter_ix2:-
-
cpe:2.3:h:lenovo:iomega_storcenter_ix4-300d:-
-
cpe:2.3:h:lenovo:iomega_storcenter_px12-400r:-
-
cpe:2.3:h:lenovo:iomega_storcenter_px12-450r:-
-
cpe:2.3:h:lenovo:iomega_storcenter_px2-300d:-
-
cpe:2.3:h:lenovo:iomega_storcenter_px4-300d:-
-
cpe:2.3:h:lenovo:iomega_storcenter_px4-300r:-
-
cpe:2.3:h:lenovo:iomega_storcenter_px6-300d:-
-
cpe:2.3:h:lenovo:lenovo_ez_media_&_backup_center:-
-
cpe:2.3:h:lenovo:lenovo_ix2:-
-
cpe:2.3:h:lenovo:lenovo_ix4-300d:-
-
cpe:2.3:h:lenovo:lenovoemc_px12-400r:-
-
cpe:2.3:h:lenovo:lenovoemc_px12-450r:-
-
cpe:2.3:h:lenovo:lenovoemc_px2-300d:-
-
cpe:2.3:h:lenovo:lenovoemc_px4-300d:-
-
cpe:2.3:h:lenovo:lenovoemc_px4-300r:-
-
cpe:2.3:h:lenovo:lenovoemc_px4-400d:-
-
cpe:2.3:h:lenovo:lenovoemc_px4-400r:-
-
cpe:2.3:h:lenovo:lenovoemc_px6-300d:-
-
cpe:2.3:o:lenovo:lenovoemc_firmware:4.1.402.34662