{"uuid": "703a22dc-d7a0-4a64-8f1e-85492a8a9820", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-6627", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13054", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2020-6627\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mv_backend_launch in cirrus/application/helpers/mv_backend_helper.php by leveraging the \"start\" state and sending a check_device_name request.\n\ud83d\udccf Published: 2022-12-06T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-23T14:51:26.204Z\n\ud83d\udd17 References:\n1. https://www.invictuseurope.com/blog/\n2. https://github.com/rapid7/metasploit-framework/pull/12844\n3. https://pentest.blog/advisory-seagate-central-storage-remote-code-execution/\n4. http://packetstormsecurity.com/files/172590/Seagate-Central-Storage-2015.0916-User-Creation-Command-Execution.html", "creation_timestamp": "2025-04-23T15:04:43.000000Z"}