PT-2021-21154 · Lenovo · Lenovo Smart Camera

Charles Jiang

Published

2021-08-17

Updated

2021-08-30

CVE-2021-3617

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Lenovo Smart Camera versions X3, X5, and C2E

Description A vulnerability was reported that could allow command injection by setting a specially crafted network configuration.

Recommendations For Lenovo Smart Camera X3, consider setting a secure network configuration to prevent command injection. For Lenovo Smart Camera X5, consider setting a secure network configuration to prevent command injection. For Lenovo Smart Camera C2E, consider setting a secure network configuration to prevent command injection. As a temporary workaround, consider restricting network configuration changes until a patch is available.

Fix

Command Injection

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-78

Related Identifiers

CVE-2021-3617

Affected Products

Lenovo Smart Camera

PT-2021-21154 · Lenovo · Lenovo Smart Camera

CVE-2021-3617

Weakness Enumeration

Related Identifiers

Affected Products

References · 6