CVE-2019-6178

Description

An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file systems and their contents.

Remediation

Solution:

  • To protect your device against this vulnerability, disable Personal Cloud. If Personal Cloud is enabled, avoid using sensitive share names and only use the device on trusted networks.
5.3
CVSS
Severity: Medium
CVSS 3.1 •
CVSS 3.0 •
CVSS 2.0 •
EPSS 0.36%
Vendor Advisory lenovo.com
Affected: Iomega and LenovoEMC NAS products
Published at:
Updated at:

References

Link Tags
https://support.lenovo.com/solutions/LEN-25557 vendor advisory

Frequently Asked Questions

What is the severity of CVE-2019-6178?
CVE-2019-6178 has been scored as a medium severity vulnerability.
How to fix CVE-2019-6178?
To fix CVE-2019-6178: To protect your device against this vulnerability, disable Personal Cloud. If Personal Cloud is enabled, avoid using sensitive share names and only use the device on trusted networks.
Is CVE-2019-6178 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2019-6178 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2019-6178?
CVE-2019-6178 affects Iomega and LenovoEMC NAS products.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.