Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-9077

Опубликовано: 28 сент. 2018
Источник: nvd
CVSS3: 8.1
CVSS2: 9.3
EPSS Низкий

Описание

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:lenovo:lenovoemc_firmware:*:*:*:*:*:*:*:*
Версия до 4.1.402.34662 (включая)

Одно из

cpe:2.3:h:lenovo:iomega_ez_media_\&_backup_center:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:iomega_storcenter_ix2:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:iomega_storcenter_ix2-dl:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:iomega_storcenter_ix4-300d:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:iomega_storcenter_px12-400r:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:iomega_storcenter_px12-450r:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:iomega_storcenter_px2-300d:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:iomega_storcenter_px4-300d:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:iomega_storcenter_px4-300r:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:iomega_storcenter_px6-300d:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:lenovo_ez_media_\&_backup_center:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:lenovo_ix2:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:lenovo_ix4-300d:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:lenovoemc_px12-400r:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:lenovoemc_px12-450r:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:lenovoemc_px2-300d:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:lenovoemc_px4-300d:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:lenovoemc_px4-300r:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:lenovoemc_px4-400d:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:lenovoemc_px4-400r:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:lenovoemc_px6-300d:-:*:*:*:*:*:*:*

EPSS

Процентиль: 83%
0.0187
Низкий

8.1 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

github логотип

GHSA-9m7h-5c58-3pm4

CVSS3: 8.1
github
больше 3 лет назад

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.

EPSS

Процентиль: 83%
0.0187
Низкий

8.1 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-78