Search criteria
3 vulnerabilities found for lac9000436u by lacie
VAR-201512-0525
Vulnerability from variot - Updated: 2023-12-18 12:37Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session. Seagate There are multiple vulnerabilities in the wireless storage products offered by. Authentication information ( password ) Is hard-coded (CWE-798) - CVE-2015-2874 Not described in manual telnet Service is up and username "root" , Accessible using the default password. CWE-798: Use of Hard-coded Credentials https://cwe.mitre.org/data/definitions/798.html In addition, National Vulnerability Database (NVD) Then CWE-255 It is published as Send request directly (Forced Browsing) (CWE-425) - CVE-2015-2875 By default, anyone can download files when accessing the device wirelessly. Any file on the file system can be downloaded directly. CWE-425: Direct Request ('Forced Browsing') https://cwe.mitre.org/data/definitions/425.html In addition, National Vulnerability Database (NVD) Then CWE-22 It is published as Unlimited upload of dangerous types of files (CWE-434) - CVE-2015-2876 When accessing the device wirelessly with default settings, /media/sda2 You can upload files to the file system. This file system is prepared for file sharing. CWE-434: Unrestricted Upload of File with Dangerous Type https://cwe.mitre.org/data/definitions/434.htmlA remote attacker can access arbitrary files on the product, root It may be operated with authority. Seagate 36C running firmware versions 2.2.0.005 and 2.3.0.014 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0525",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "lac9000464u",
"scope": "lte",
"trust": 1.0,
"vendor": "lacie",
"version": "2.3.0.014"
},
{
"model": "wireless mobile storage",
"scope": "eq",
"trust": 1.0,
"vendor": "seagate",
"version": "*"
},
{
"model": "goflex sattelite",
"scope": "eq",
"trust": 1.0,
"vendor": "seagate",
"version": "*"
},
{
"model": "wireless plus mobile storage",
"scope": "eq",
"trust": 1.0,
"vendor": "seagate",
"version": "*"
},
{
"model": "lac9000436u",
"scope": "lte",
"trust": 1.0,
"vendor": "lacie",
"version": "2.3.0.014"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "lacie",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "seagate",
"version": null
},
{
"model": "fuel",
"scope": null,
"trust": 0.8,
"vendor": "lacie",
"version": null
},
{
"model": "goflex satellite",
"scope": null,
"trust": 0.8,
"vendor": "seagate",
"version": null
},
{
"model": "wireless mobile storage",
"scope": null,
"trust": 0.8,
"vendor": "seagate",
"version": null
},
{
"model": "wireless plus mobile storage",
"scope": null,
"trust": 0.8,
"vendor": "seagate",
"version": null
},
{
"model": "lac9000464u",
"scope": null,
"trust": 0.6,
"vendor": "lacie",
"version": null
},
{
"model": "lac9000436u",
"scope": null,
"trust": 0.6,
"vendor": "lacie",
"version": null
},
{
"model": "technology llc seagate 36c",
"scope": "eq",
"trust": 0.3,
"vendor": "seagate",
"version": "2.3.0.014"
},
{
"model": "technology llc seagate 36c",
"scope": "eq",
"trust": 0.3,
"vendor": "seagate",
"version": "2.2.0.005"
},
{
"model": "technology llc seagate 36c",
"scope": "ne",
"trust": 0.3,
"vendor": "seagate",
"version": "3.4.1.105"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#903500"
},
{
"db": "BID",
"id": "76547"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006526"
},
{
"db": "NVD",
"id": "CVE-2015-2875"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-208"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:seagate:goflex_sattelite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:seagate:wireless_plus_mobile_storage:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:seagate:wireless_mobile_storage:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lacie:lac9000464u:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lacie:lac9000436u:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lacie:lac9000464u_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.3.0.014",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lacie:lac9000436u_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.3.0.014",
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2875"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mike Baucom, Allen Harper, and J. Rach of Tangible Security",
"sources": [
{
"db": "BID",
"id": "76547"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2875",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2015-006526",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-80836",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-2875",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2015-006526",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-208",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-80836",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80836"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006526"
},
{
"db": "NVD",
"id": "CVE-2015-2875"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-208"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session. Seagate There are multiple vulnerabilities in the wireless storage products offered by. Authentication information ( password ) Is hard-coded (CWE-798) - CVE-2015-2874 Not described in manual telnet Service is up and username \"root\" , Accessible using the default password. CWE-798: Use of Hard-coded Credentials https://cwe.mitre.org/data/definitions/798.html In addition, National Vulnerability Database (NVD) Then CWE-255 It is published as Send request directly (Forced Browsing) (CWE-425) - CVE-2015-2875 By default, anyone can download files when accessing the device wirelessly. Any file on the file system can be downloaded directly. CWE-425: Direct Request (\u0027Forced Browsing\u0027) https://cwe.mitre.org/data/definitions/425.html In addition, National Vulnerability Database (NVD) Then CWE-22 It is published as Unlimited upload of dangerous types of files (CWE-434) - CVE-2015-2876 When accessing the device wirelessly with default settings, /media/sda2 You can upload files to the file system. This file system is prepared for file sharing. CWE-434: Unrestricted Upload of File with Dangerous Type https://cwe.mitre.org/data/definitions/434.htmlA remote attacker can access arbitrary files on the product, root It may be operated with authority. \nSeagate 36C running firmware versions 2.2.0.005 and 2.3.0.014 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2875"
},
{
"db": "CERT/CC",
"id": "VU#903500"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006526"
},
{
"db": "BID",
"id": "76547"
},
{
"db": "VULHUB",
"id": "VHN-80836"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#903500",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2015-2875",
"trust": 2.8
},
{
"db": "JVN",
"id": "JVNVU92833570",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006526",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201509-208",
"trust": 0.7
},
{
"db": "BID",
"id": "76547",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-80836",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#903500"
},
{
"db": "VULHUB",
"id": "VHN-80836"
},
{
"db": "BID",
"id": "76547"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006526"
},
{
"db": "NVD",
"id": "CVE-2015-2875"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-208"
}
]
},
"id": "VAR-201512-0525",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-80836"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:37:51.744000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Firmware Updates for Seagate Products",
"trust": 0.8,
"url": "http://knowledge.seagate.com/articles/en_us/faq/207931en"
},
{
"title": "Multiple Seagate Fixes for wireless storage product path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=57745"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006526"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-208"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
},
{
"problemtype": "CWE-Other",
"trust": 0.8
},
{
"problemtype": "CWE-255",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80836"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006526"
},
{
"db": "NVD",
"id": "CVE-2015-2875"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://www.kb.cert.org/vuls/id/903500"
},
{
"trust": 2.5,
"url": "https://www.kb.cert.org/vuls/id/gwan-9zgtuh"
},
{
"trust": 1.9,
"url": "https://www.kb.cert.org/vuls/id/gwan-a26l3f"
},
{
"trust": 1.4,
"url": "https://apps1.seagate.com/downloads/request.html"
},
{
"trust": 1.4,
"url": "http://knowledge.seagate.com/articles/en_us/faq/207931en"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/425.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/434.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2874"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2875"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2876"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92833570/index.html"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2874"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2875"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2876"
},
{
"trust": 0.3,
"url": "http://www.seagate.com/in/en/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#903500"
},
{
"db": "VULHUB",
"id": "VHN-80836"
},
{
"db": "BID",
"id": "76547"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006526"
},
{
"db": "NVD",
"id": "CVE-2015-2875"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-208"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#903500"
},
{
"db": "VULHUB",
"id": "VHN-80836"
},
{
"db": "BID",
"id": "76547"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006526"
},
{
"db": "NVD",
"id": "CVE-2015-2875"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-208"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-01T00:00:00",
"db": "CERT/CC",
"id": "VU#903500"
},
{
"date": "2015-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-80836"
},
{
"date": "2015-09-01T00:00:00",
"db": "BID",
"id": "76547"
},
{
"date": "2015-12-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006526"
},
{
"date": "2015-12-31T05:59:03.720000",
"db": "NVD",
"id": "CVE-2015-2875"
},
{
"date": "2015-09-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-208"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-08T00:00:00",
"db": "CERT/CC",
"id": "VU#903500"
},
{
"date": "2015-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-80836"
},
{
"date": "2015-09-01T00:00:00",
"db": "BID",
"id": "76547"
},
{
"date": "2016-01-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006526"
},
{
"date": "2015-12-31T20:29:55.210000",
"db": "NVD",
"id": "CVE-2015-2875"
},
{
"date": "2016-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-208"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-208"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Seagate and LaCie wireless storage products contain multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#903500"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-208"
}
],
"trust": 0.6
}
}
VAR-201512-0526
Vulnerability from variot - Updated: 2023-12-18 12:37Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session. Seagate There are multiple vulnerabilities in the wireless storage products offered by. Authentication information ( password ) Is hard-coded (CWE-798) - CVE-2015-2874 Not described in manual telnet Service is up and username "root" , Accessible using the default password. CWE-798: Use of Hard-coded Credentials https://cwe.mitre.org/data/definitions/798.html In addition, National Vulnerability Database (NVD) Then CWE-255 It is published as Send request directly (Forced Browsing) (CWE-425) - CVE-2015-2875 By default, anyone can download files when accessing the device wirelessly. Any file on the file system can be downloaded directly. CWE-425: Direct Request ('Forced Browsing') https://cwe.mitre.org/data/definitions/425.html In addition, National Vulnerability Database (NVD) Then CWE-22 It is published as Unlimited upload of dangerous types of files (CWE-434) - CVE-2015-2876 When accessing the device wirelessly with default settings, /media/sda2 You can upload files to the file system. This file system is prepared for file sharing. CWE-434: Unrestricted Upload of File with Dangerous Type https://cwe.mitre.org/data/definitions/434.htmlA remote attacker can access arbitrary files on the product, root It may be operated with authority. Seagate 36C running firmware versions 2.2.0.005 and 2.3.0.014 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0526",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wireless mobile storage",
"scope": null,
"trust": 1.4,
"vendor": "seagate",
"version": null
},
{
"model": "wireless plus mobile storage",
"scope": null,
"trust": 1.4,
"vendor": "seagate",
"version": null
},
{
"model": "lac9000464u",
"scope": "lte",
"trust": 1.0,
"vendor": "lacie",
"version": "2.3.0.014"
},
{
"model": "wireless mobile storage",
"scope": "eq",
"trust": 1.0,
"vendor": "seagate",
"version": "*"
},
{
"model": "goflex sattelite",
"scope": "eq",
"trust": 1.0,
"vendor": "seagate",
"version": "*"
},
{
"model": "wireless plus mobile storage",
"scope": "eq",
"trust": 1.0,
"vendor": "seagate",
"version": "*"
},
{
"model": "lac9000436u",
"scope": "lte",
"trust": 1.0,
"vendor": "lacie",
"version": "2.3.0.014"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "lacie",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "seagate",
"version": null
},
{
"model": "fuel",
"scope": null,
"trust": 0.8,
"vendor": "lacie",
"version": null
},
{
"model": "goflex satellite",
"scope": null,
"trust": 0.8,
"vendor": "seagate",
"version": null
},
{
"model": "goflex sattelite",
"scope": null,
"trust": 0.6,
"vendor": "seagate",
"version": null
},
{
"model": "technology llc seagate 36c",
"scope": "eq",
"trust": 0.3,
"vendor": "seagate",
"version": "2.3.0.014"
},
{
"model": "technology llc seagate 36c",
"scope": "eq",
"trust": 0.3,
"vendor": "seagate",
"version": "2.2.0.005"
},
{
"model": "technology llc seagate 36c",
"scope": "ne",
"trust": 0.3,
"vendor": "seagate",
"version": "3.4.1.105"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#903500"
},
{
"db": "BID",
"id": "76547"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006526"
},
{
"db": "NVD",
"id": "CVE-2015-2876"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-209"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lacie:lac9000436u:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lacie:lac9000464u:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lacie:lac9000436u_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.3.0.014",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lacie:lac9000464u_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.3.0.014",
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:seagate:wireless_plus_mobile_storage:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:seagate:wireless_mobile_storage:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:seagate:goflex_sattelite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2876"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mike Baucom, Allen Harper, and J. Rach of Tangible Security",
"sources": [
{
"db": "BID",
"id": "76547"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2876",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2015-006526",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "VHN-80837",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-2876",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2015-006526",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-209",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-80837",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80837"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006526"
},
{
"db": "NVD",
"id": "CVE-2015-2876"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-209"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session. Seagate There are multiple vulnerabilities in the wireless storage products offered by. Authentication information ( password ) Is hard-coded (CWE-798) - CVE-2015-2874 Not described in manual telnet Service is up and username \"root\" , Accessible using the default password. CWE-798: Use of Hard-coded Credentials https://cwe.mitre.org/data/definitions/798.html In addition, National Vulnerability Database (NVD) Then CWE-255 It is published as Send request directly (Forced Browsing) (CWE-425) - CVE-2015-2875 By default, anyone can download files when accessing the device wirelessly. Any file on the file system can be downloaded directly. CWE-425: Direct Request (\u0027Forced Browsing\u0027) https://cwe.mitre.org/data/definitions/425.html In addition, National Vulnerability Database (NVD) Then CWE-22 It is published as Unlimited upload of dangerous types of files (CWE-434) - CVE-2015-2876 When accessing the device wirelessly with default settings, /media/sda2 You can upload files to the file system. This file system is prepared for file sharing. CWE-434: Unrestricted Upload of File with Dangerous Type https://cwe.mitre.org/data/definitions/434.htmlA remote attacker can access arbitrary files on the product, root It may be operated with authority. \nSeagate 36C running firmware versions 2.2.0.005 and 2.3.0.014 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2876"
},
{
"db": "CERT/CC",
"id": "VU#903500"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006526"
},
{
"db": "BID",
"id": "76547"
},
{
"db": "VULHUB",
"id": "VHN-80837"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#903500",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2015-2876",
"trust": 2.8
},
{
"db": "JVN",
"id": "JVNVU92833570",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006526",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201509-209",
"trust": 0.7
},
{
"db": "BID",
"id": "76547",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-80837",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#903500"
},
{
"db": "VULHUB",
"id": "VHN-80837"
},
{
"db": "BID",
"id": "76547"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006526"
},
{
"db": "NVD",
"id": "CVE-2015-2876"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-209"
}
]
},
"id": "VAR-201512-0526",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-80837"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:37:51.819000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Firmware Updates for Seagate Products",
"trust": 0.8,
"url": "http://knowledge.seagate.com/articles/en_us/faq/207931en"
},
{
"title": "Multiple Seagate Fixes for wireless storage products without restricting file upload vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=57746"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006526"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-209"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
},
{
"problemtype": "CWE-22",
"trust": 0.8
},
{
"problemtype": "CWE-255",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006526"
},
{
"db": "NVD",
"id": "CVE-2015-2876"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://www.kb.cert.org/vuls/id/903500"
},
{
"trust": 2.5,
"url": "https://www.kb.cert.org/vuls/id/gwan-9zgtuh"
},
{
"trust": 2.5,
"url": "https://www.kb.cert.org/vuls/id/gwan-a26l3f"
},
{
"trust": 1.4,
"url": "https://apps1.seagate.com/downloads/request.html"
},
{
"trust": 1.4,
"url": "http://knowledge.seagate.com/articles/en_us/faq/207931en"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/425.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/434.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2874"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2875"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2876"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92833570/index.html"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2874"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2875"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2876"
},
{
"trust": 0.3,
"url": "http://www.seagate.com/in/en/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#903500"
},
{
"db": "VULHUB",
"id": "VHN-80837"
},
{
"db": "BID",
"id": "76547"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006526"
},
{
"db": "NVD",
"id": "CVE-2015-2876"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-209"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#903500"
},
{
"db": "VULHUB",
"id": "VHN-80837"
},
{
"db": "BID",
"id": "76547"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006526"
},
{
"db": "NVD",
"id": "CVE-2015-2876"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-209"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-01T00:00:00",
"db": "CERT/CC",
"id": "VU#903500"
},
{
"date": "2015-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-80837"
},
{
"date": "2015-09-01T00:00:00",
"db": "BID",
"id": "76547"
},
{
"date": "2015-12-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006526"
},
{
"date": "2015-12-31T05:59:04.737000",
"db": "NVD",
"id": "CVE-2015-2876"
},
{
"date": "2015-09-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-209"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-08T00:00:00",
"db": "CERT/CC",
"id": "VU#903500"
},
{
"date": "2015-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-80837"
},
{
"date": "2015-09-01T00:00:00",
"db": "BID",
"id": "76547"
},
{
"date": "2016-01-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006526"
},
{
"date": "2015-12-31T15:46:12.273000",
"db": "NVD",
"id": "CVE-2015-2876"
},
{
"date": "2016-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-209"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-209"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Seagate and LaCie wireless storage products contain multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#903500"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-209"
}
],
"trust": 0.6
}
}
VAR-201512-0524
Vulnerability from variot - Updated: 2023-12-18 12:37Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session. Seagate There are multiple vulnerabilities in the wireless storage products offered by. Authentication information ( password ) Is hard-coded (CWE-798) - CVE-2015-2874 Not described in manual telnet Service is up and username "root" , Accessible using the default password. CWE-798: Use of Hard-coded Credentials https://cwe.mitre.org/data/definitions/798.html In addition, National Vulnerability Database (NVD) Then CWE-255 It is published as Send request directly (Forced Browsing) (CWE-425) - CVE-2015-2875 By default, anyone can download files when accessing the device wirelessly. Any file on the file system can be downloaded directly. CWE-425: Direct Request ('Forced Browsing') https://cwe.mitre.org/data/definitions/425.html In addition, National Vulnerability Database (NVD) Then CWE-22 It is published as Unlimited upload of dangerous types of files (CWE-434) - CVE-2015-2876 When accessing the device wirelessly with default settings, /media/sda2 You can upload files to the file system. This file system is prepared for file sharing. CWE-434: Unrestricted Upload of File with Dangerous Type https://cwe.mitre.org/data/definitions/434.htmlA remote attacker can access arbitrary files on the product, root It may be operated with authority. Seagate 36C running firmware versions 2.2.0.005 and 2.3.0.014 are vulnerable. A remote attacker can TELNET A session exploits this vulnerability to gain administrator privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0524",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "lac9000464u",
"scope": "lte",
"trust": 1.0,
"vendor": "lacie",
"version": "2.3.0.014"
},
{
"model": "wireless mobile storage",
"scope": "eq",
"trust": 1.0,
"vendor": "seagate",
"version": "*"
},
{
"model": "goflex sattelite",
"scope": "eq",
"trust": 1.0,
"vendor": "seagate",
"version": "*"
},
{
"model": "wireless plus mobile storage",
"scope": "eq",
"trust": 1.0,
"vendor": "seagate",
"version": "*"
},
{
"model": "lac9000436u",
"scope": "lte",
"trust": 1.0,
"vendor": "lacie",
"version": "2.3.0.014"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "lacie",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "seagate",
"version": null
},
{
"model": "fuel",
"scope": null,
"trust": 0.8,
"vendor": "lacie",
"version": null
},
{
"model": "goflex satellite",
"scope": null,
"trust": 0.8,
"vendor": "seagate",
"version": null
},
{
"model": "wireless mobile storage",
"scope": null,
"trust": 0.8,
"vendor": "seagate",
"version": null
},
{
"model": "wireless plus mobile storage",
"scope": null,
"trust": 0.8,
"vendor": "seagate",
"version": null
},
{
"model": "lac9000464u",
"scope": null,
"trust": 0.6,
"vendor": "lacie",
"version": null
},
{
"model": "technology llc seagate 36c",
"scope": "eq",
"trust": 0.3,
"vendor": "seagate",
"version": "2.3.0.014"
},
{
"model": "technology llc seagate 36c",
"scope": "eq",
"trust": 0.3,
"vendor": "seagate",
"version": "2.2.0.005"
},
{
"model": "technology llc seagate 36c",
"scope": "ne",
"trust": 0.3,
"vendor": "seagate",
"version": "3.4.1.105"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#903500"
},
{
"db": "BID",
"id": "76547"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006526"
},
{
"db": "NVD",
"id": "CVE-2015-2874"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-207"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:seagate:wireless_plus_mobile_storage:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:seagate:wireless_mobile_storage:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lacie:lac9000464u:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lacie:lac9000436u:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lacie:lac9000464u_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.3.0.014",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lacie:lac9000436u_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.3.0.014",
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:seagate:goflex_sattelite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2874"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mike Baucom, Allen Harper, and J. Rach of Tangible Security",
"sources": [
{
"db": "BID",
"id": "76547"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2874",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2015-006526",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-80835",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-2874",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2015-006526",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-207",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-80835",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80835"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006526"
},
{
"db": "NVD",
"id": "CVE-2015-2874"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-207"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session. Seagate There are multiple vulnerabilities in the wireless storage products offered by. Authentication information ( password ) Is hard-coded (CWE-798) - CVE-2015-2874 Not described in manual telnet Service is up and username \"root\" , Accessible using the default password. CWE-798: Use of Hard-coded Credentials https://cwe.mitre.org/data/definitions/798.html In addition, National Vulnerability Database (NVD) Then CWE-255 It is published as Send request directly (Forced Browsing) (CWE-425) - CVE-2015-2875 By default, anyone can download files when accessing the device wirelessly. Any file on the file system can be downloaded directly. CWE-425: Direct Request (\u0027Forced Browsing\u0027) https://cwe.mitre.org/data/definitions/425.html In addition, National Vulnerability Database (NVD) Then CWE-22 It is published as Unlimited upload of dangerous types of files (CWE-434) - CVE-2015-2876 When accessing the device wirelessly with default settings, /media/sda2 You can upload files to the file system. This file system is prepared for file sharing. CWE-434: Unrestricted Upload of File with Dangerous Type https://cwe.mitre.org/data/definitions/434.htmlA remote attacker can access arbitrary files on the product, root It may be operated with authority. \nSeagate 36C running firmware versions 2.2.0.005 and 2.3.0.014 are vulnerable. A remote attacker can TELNET A session exploits this vulnerability to gain administrator privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2874"
},
{
"db": "CERT/CC",
"id": "VU#903500"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006526"
},
{
"db": "BID",
"id": "76547"
},
{
"db": "VULHUB",
"id": "VHN-80835"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#903500",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2015-2874",
"trust": 2.8
},
{
"db": "JVN",
"id": "JVNVU92833570",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006526",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201509-207",
"trust": 0.7
},
{
"db": "BID",
"id": "76547",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "134986",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-80835",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#903500"
},
{
"db": "VULHUB",
"id": "VHN-80835"
},
{
"db": "BID",
"id": "76547"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006526"
},
{
"db": "NVD",
"id": "CVE-2015-2874"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-207"
}
]
},
"id": "VAR-201512-0524",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-80835"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:37:51.781000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Firmware Updates for Seagate Products",
"trust": 0.8,
"url": "http://knowledge.seagate.com/articles/en_us/faq/207931en"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006526"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
},
{
"problemtype": "CWE-Other",
"trust": 0.8
},
{
"problemtype": "CWE-22",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80835"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006526"
},
{
"db": "NVD",
"id": "CVE-2015-2874"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://www.kb.cert.org/vuls/id/903500"
},
{
"trust": 2.5,
"url": "https://www.kb.cert.org/vuls/id/gwan-9zgtuh"
},
{
"trust": 2.5,
"url": "https://www.kb.cert.org/vuls/id/gwan-a26l3f"
},
{
"trust": 1.4,
"url": "https://apps1.seagate.com/downloads/request.html"
},
{
"trust": 1.4,
"url": "http://knowledge.seagate.com/articles/en_us/faq/207931en"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/425.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/434.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2874"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2875"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2876"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92833570/index.html"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2874"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2875"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2876"
},
{
"trust": 0.3,
"url": "http://www.seagate.com/in/en/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#903500"
},
{
"db": "VULHUB",
"id": "VHN-80835"
},
{
"db": "BID",
"id": "76547"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006526"
},
{
"db": "NVD",
"id": "CVE-2015-2874"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-207"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#903500"
},
{
"db": "VULHUB",
"id": "VHN-80835"
},
{
"db": "BID",
"id": "76547"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006526"
},
{
"db": "NVD",
"id": "CVE-2015-2874"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-207"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-01T00:00:00",
"db": "CERT/CC",
"id": "VU#903500"
},
{
"date": "2015-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-80835"
},
{
"date": "2015-09-01T00:00:00",
"db": "BID",
"id": "76547"
},
{
"date": "2015-12-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006526"
},
{
"date": "2015-12-31T05:59:02.673000",
"db": "NVD",
"id": "CVE-2015-2874"
},
{
"date": "2015-09-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-207"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-08T00:00:00",
"db": "CERT/CC",
"id": "VU#903500"
},
{
"date": "2015-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-80835"
},
{
"date": "2015-09-01T00:00:00",
"db": "BID",
"id": "76547"
},
{
"date": "2016-01-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006526"
},
{
"date": "2015-12-31T20:29:26.130000",
"db": "NVD",
"id": "CVE-2015-2874"
},
{
"date": "2016-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-207"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-207"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Seagate and LaCie wireless storage products contain multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#903500"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-207"
}
],
"trust": 0.6
}
}