Support

Lenovo EZ Media & Backup Center Vulnerability

Lenovo EZ Media & Backup Center Vulnerability

RSS

Lenovo EZ Media & Backup Center Vulnerability

Lenovo Security Advisory: LEN-30242

Potential Impact: URL Redirection

Severity: Medium

Scope of Impact: Lenovo-specific

CVE Identifier: CVE-2019-19758

Summary Description:

A vulnerability in the web interface of Lenovo EZ Media & Backup Center, ix2 & ix2-dl could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page.

Mitigation Strategy for Customers (what you should do to protect yourself):

Lenovo has ended support for Lenovo EZ Media & Backup Center, ix2 & ix2-dl as of March 31, 2019, therefore Lenovo recommends discontinuation of use.

If it is not feasible to discontinue use, Lenovo recommends using the device only on trusted networks and clicking on device URLs only from trustworthy sources.

References:

https://support.lenovo.com/us/en/solutions/endofservice

Acknowledgement:

Lenovo thanks Mostafa Noureldin for reporting this issue.

Revision History:

Revision

Date

Description
1 2020-02-11 Initial release

For a complete list of all Lenovo Product Security Advisories, click here.

For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.

Alias Id:LEN-30242
Document ID:PS500309
Original Publish Date:02/08/2020
Last Modified Date:02/11/2020
X

Lenovo uses cookies to improve your experience.

Visit our Cookie Consent Tool to manage your preferences, or our Privacy Policy for more information.

Back to Previous Page
X
lenovo

Information We Collect About You

We want to be transparent about the data we and our partners collect and how we use it, so you can best exercise control over your personal data. For more information, please see our Privacy Policy.

Our cookie consent tool offers you greater visibility and control over how your preferences are stored on the site. However, some third party cookies have been temporarily classified as essential, meaning some cookies will drop that are not actually necessary for the functioning of the site. We are working to fix the issue, but you can still block essential cookies through your browser tools.

Information Our Partners Collect

We use the following partners to better improve your overall web browsing experience. They use cookies and other mechanisms to connect you with your social networks and tailor advertising to better match your interests. You can elect to opt-out of this information collection by unticking the boxes below.

Categories
1 of 1 allowed
Essential Required

We rely on cookies, javascript, and other web technologies to serve key—or essential—elements on the site. This may include things like your language preferences or server-based cookies intended to keep our site running and operational. If disabled, your site experience will likely be impacted.

Analytics

We use analytics to improve our website by better understanding how often users visit the site, what pages they visit most, and how long they spend on our site. We'll rely on cookies and third-party partners to track these actions and behaviors. Click on one of the partner names to learn more.

Vendors
Name Required

Website:

In Their Own Words

What data does this company collect?

Data Collected

Anonymous:

Pseudonymous:

PII:

Sensitive:

Data Sharing

Data Retention

Data Use

Data Storage

Adobe