MidnightBSD

Advisories for iomega

CVE-1999-1174 MEDIUM

ZIP drive for Iomega ZIP-100 disks allows attackers with physical access to the drive to bypass password protection by inserting a known disk with a known password, waiting for the ZIP drive to power down, manually replacing the known disk with the target disk, and using the known password to access the target disk.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
iomega zip_100_mb_drive *
CVE-2001-0110 HIGH

Buffer overflow in jaZip Zip/Jaz drive manager allows local users to gain root privileges via a long DISPLAY environmental variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
iomega jazip 0.32.2
CVE-2002-1863 MEDIUM

Iomega Network Attached Storage (NAS) A300U, and possibly other models, does not allow the FTP service to be disabled, which allows local users to access home directories via FTP even when access to all shared directories have been disabled.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
iomega network_attached_storage a300u
CVE-2002-1949 MEDIUM

The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,

Products Affected

Vendor Product Version
iomega nas_a300u_firmware -
CVE-2002-1955 MEDIUM

Iomega NAS A300U uses cleartext LANMAN authentication when mounting CIFS/SMB drives, which allows remote attackers to perform a man-in-the-middle attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
iomega nas a300u
CVE-2009-2367 HIGH

cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the session_id parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-338,

Products Affected

Vendor Product Version
iomega storcenter_pro_firmware -