CVE-2018-9080
Iomega and LenovoEMC NAS Web UI Vulnerabilities
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise the user's session.
Affected products
Lenovo Group LTD · EZ Media and Backup CenterLenovo Group LTD · Iomega StorCenterLenovo Group LTD · LenovoEMCWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →