SecurityWeek

Lenovo Network Storage Device Vulnerability Patched

Researchers discovered a vulnerability in Lenovo network storage devices that allows attackers to gain unauthorized remote read-only access to network-attached storage (NAS) shares.

The vulnerability was discovered by researchers at Digital Defense Inc. Lenovo has issued a firmware update to address the problem, which affected LenovoEMC, Lenovo and Iomega NAS devices with LenovoEMC LifeLine firmware version 4.0.2.9960 or 4.0.4.14600.

According to Digital Defense, the web server for the LenovoEMC StorageCenter PX4-300R allows unauthenticated remote users to retrieve specific files located outside of the web root. To exploit this vulnerability, an attacker would need direct knowledge of the directory structure.

Once the flaw was discovered, Digital Defense began working with Lenovo to address the issue.

“Our goal is to work hand in hand with hardware and software manufacturers to help them understand our security vulnerability discoveries and to ensure this intelligence is rapidly communicated to our clients and other end users, with the appropriate remediation solution, to ensure any potential risk is mitigated,” said Larry Hurtado, DDI president and CEO, in a statement. “This responsible disclosure process has been effective in resolving security issues before they potentially open the door to malicious attacks.”
