A vulnerability in legacy Iomega and LenovoEMC network-attached storage (NAS) devices has led to many terabytes of potentially sensitive data being accessible to anyone via the Internet.
About Iomega and LenovoEMC
Iomega Corporation was acquired in 2008 by EMC. In 2013, Iomega became LenovoEMC – a joint venture between Lenovo and EMC Corporation – and Iomega’s products were rebranded under the new name. Iomega’s and LenovoEMC’s storage products were aimed at small and medium-sized businesses.
About the vulnerability (CVE-2019-6160)
CVE-2019-6160 affects a number of Iomega and LenovoEMC NAS products, which have reached End-of-Service-Life four years ago.
The vulnerability stems from an unprotected API call and allows anyone to use Shodan to find vulnerable NAS devices and then simply download the exposed files by sending a specially crafted requests.
The data leak was discovered by a Vertical ..
Support the originator by clicking the read the rest link below.
