A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device.
Update device firmware to the version indicated in the advisory: https://iknow.lenovo.com.cn/detail/440274
Configurations
Workarounds
Exploits
Credits
finder
Lenovo thanks Wang Jincheng, Professor Yu Le from Nanjing University of Posts and Telecommunications and Professor Luo Xiapu from The Hong Kong Polytechnic University