Search criteria
9 vulnerabilities found for lac9000464u_firmware by lacie
FKIE_CVE-2015-2876
Vulnerability from fkie_nvd - Published: 2015-12-31 05:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session.
References
| URL | Tags | ||
|---|---|---|---|
| cret@cert.org | https://www.kb.cert.org/vuls/id/903500 | Third Party Advisory, US Government Resource | |
| cret@cert.org | https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH | Third Party Advisory, US Government Resource | |
| cret@cert.org | https://www.kb.cert.org/vuls/id/GWAN-A26L3F | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/903500 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/GWAN-A26L3F | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lacie | lac9000436u | * | |
| lacie | lac9000464u | * | |
| lacie | lac9000436u_firmware | * | |
| lacie | lac9000464u_firmware | * | |
| seagate | wireless_mobile_storage | * | |
| seagate | wireless_plus_mobile_storage | * | |
| seagate | goflex_sattelite | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lacie:lac9000436u:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29F377B9-4610-41B6-9D79-64631BFE17F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lacie:lac9000464u:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80038101-7457-441E-8407-FA48FF3EB87D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lacie:lac9000436u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3742DC-6D53-425C-8975-4F827B4AF528",
"versionEndIncluding": "2.3.0.014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:lacie:lac9000464u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4885C331-C0CB-4B0F-9ED8-9229FA9564F0",
"versionEndIncluding": "2.3.0.014",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:seagate:wireless_mobile_storage:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5235BAD5-EBEF-4CC7-97B1-BDB9685CE9D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:seagate:wireless_plus_mobile_storage:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4DF566C-383A-45AA-9276-0742F40F316D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:seagate:goflex_sattelite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D52B917C-06F2-4EB2-94FC-B47D7FE2C057",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session."
},
{
"lang": "es",
"value": "Vulnerabilidad de carga de archivos sin restricci\u00f3n en dispositivos Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage y LaCie FUEL con firmware anterior a 3.4.1.105 permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante la subida de un archivo a /media/sda2 durante una sesi\u00f3n Wi-Fi."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/434.html\"\u003eCWE-434: Unrestricted Upload of File with Dangerous Type\u003c/a\u003e",
"id": "CVE-2015-2876",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2015-12-31T05:59:04.737",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/903500"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-A26L3F"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/903500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-A26L3F"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-2875
Vulnerability from fkie_nvd - Published: 2015-12-31 05:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session.
References
| URL | Tags | ||
|---|---|---|---|
| cret@cert.org | https://www.kb.cert.org/vuls/id/903500 | Third Party Advisory, US Government Resource | |
| cret@cert.org | https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH | Third Party Advisory, US Government Resource | |
| cret@cert.org | https://www.kb.cert.org/vuls/id/GWAN-A26L3F | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/903500 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/GWAN-A26L3F | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seagate | goflex_sattelite | * | |
| seagate | wireless_mobile_storage | * | |
| seagate | wireless_plus_mobile_storage | * | |
| lacie | lac9000436u | * | |
| lacie | lac9000464u | * | |
| lacie | lac9000436u_firmware | * | |
| lacie | lac9000464u_firmware | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:seagate:goflex_sattelite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D52B917C-06F2-4EB2-94FC-B47D7FE2C057",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:seagate:wireless_mobile_storage:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5235BAD5-EBEF-4CC7-97B1-BDB9685CE9D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:seagate:wireless_plus_mobile_storage:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4DF566C-383A-45AA-9276-0742F40F316D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lacie:lac9000436u:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29F377B9-4610-41B6-9D79-64631BFE17F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lacie:lac9000464u:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80038101-7457-441E-8407-FA48FF3EB87D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lacie:lac9000436u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3742DC-6D53-425C-8975-4F827B4AF528",
"versionEndIncluding": "2.3.0.014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:lacie:lac9000464u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4885C331-C0CB-4B0F-9ED8-9229FA9564F0",
"versionEndIncluding": "2.3.0.014",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de ruta absoluta en dispositivos Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage y LaCie FUEL con firmware anterior a 3.4.1.105 permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de una ruta de nombres completa en una petici\u00f3n de descarga durante una sesi\u00f3n Wi-Fi."
}
],
"id": "CVE-2015-2875",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2015-12-31T05:59:03.720",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/903500"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-A26L3F"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/903500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-A26L3F"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-2874
Vulnerability from fkie_nvd - Published: 2015-12-31 05:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
References
| URL | Tags | ||
|---|---|---|---|
| cret@cert.org | https://www.kb.cert.org/vuls/id/903500 | Third Party Advisory, US Government Resource | |
| cret@cert.org | https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH | Third Party Advisory, US Government Resource | |
| cret@cert.org | https://www.kb.cert.org/vuls/id/GWAN-A26L3F | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/903500 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/GWAN-A26L3F | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seagate | wireless_mobile_storage | * | |
| seagate | wireless_plus_mobile_storage | * | |
| lacie | lac9000436u | * | |
| lacie | lac9000464u | * | |
| lacie | lac9000436u_firmware | * | |
| lacie | lac9000464u_firmware | * | |
| seagate | goflex_sattelite | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:seagate:wireless_mobile_storage:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5235BAD5-EBEF-4CC7-97B1-BDB9685CE9D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:seagate:wireless_plus_mobile_storage:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4DF566C-383A-45AA-9276-0742F40F316D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lacie:lac9000436u:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29F377B9-4610-41B6-9D79-64631BFE17F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lacie:lac9000464u:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80038101-7457-441E-8407-FA48FF3EB87D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lacie:lac9000436u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3742DC-6D53-425C-8975-4F827B4AF528",
"versionEndIncluding": "2.3.0.014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:lacie:lac9000464u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4885C331-C0CB-4B0F-9ED8-9229FA9564F0",
"versionEndIncluding": "2.3.0.014",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:seagate:goflex_sattelite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D52B917C-06F2-4EB2-94FC-B47D7FE2C057",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session."
},
{
"lang": "es",
"value": "Dispositivos Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage y LaCie FUEL con firmware anterior a 3.4.1.105 tienen una contrase\u00f1a por defecto de root para la cuenta de root, lo que permite a atacantes remotos obtener acceso administrativo a trav\u00e9s de una sesi\u00f3n TELNET."
}
],
"id": "CVE-2015-2874",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2015-12-31T05:59:02.673",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/903500"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-A26L3F"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/903500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-A26L3F"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2015-2874 (GCVE-0-2015-2874)
Vulnerability from cvelistv5 – Published: 2015-12-31 02:00 – Updated: 2024-08-06 05:32
VLAI?
Summary
Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:19.771Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#903500",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/903500"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-A26L3F"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-12-31T04:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#903500",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/903500"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-A26L3F"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-2874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#903500",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/903500"
},
{
"name": "https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH",
"refsource": "CONFIRM",
"url": "https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH"
},
{
"name": "https://www.kb.cert.org/vuls/id/GWAN-A26L3F",
"refsource": "CONFIRM",
"url": "https://www.kb.cert.org/vuls/id/GWAN-A26L3F"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-2874",
"datePublished": "2015-12-31T02:00:00",
"dateReserved": "2015-04-03T00:00:00",
"dateUpdated": "2024-08-06T05:32:19.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2876 (GCVE-0-2015-2876)
Vulnerability from cvelistv5 – Published: 2015-12-31 02:00 – Updated: 2024-08-06 05:32
VLAI?
Summary
Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:20.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#903500",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/903500"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-A26L3F"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-12-31T04:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#903500",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/903500"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-A26L3F"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-2876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#903500",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/903500"
},
{
"name": "https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH",
"refsource": "CONFIRM",
"url": "https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH"
},
{
"name": "https://www.kb.cert.org/vuls/id/GWAN-A26L3F",
"refsource": "CONFIRM",
"url": "https://www.kb.cert.org/vuls/id/GWAN-A26L3F"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-2876",
"datePublished": "2015-12-31T02:00:00",
"dateReserved": "2015-04-03T00:00:00",
"dateUpdated": "2024-08-06T05:32:20.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2875 (GCVE-0-2015-2875)
Vulnerability from cvelistv5 – Published: 2015-12-31 02:00 – Updated: 2024-08-06 05:32
VLAI?
Summary
Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:20.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#903500",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/903500"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-A26L3F"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-12-31T04:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#903500",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/903500"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-A26L3F"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-2875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#903500",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/903500"
},
{
"name": "https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH",
"refsource": "CONFIRM",
"url": "https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH"
},
{
"name": "https://www.kb.cert.org/vuls/id/GWAN-A26L3F",
"refsource": "CONFIRM",
"url": "https://www.kb.cert.org/vuls/id/GWAN-A26L3F"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-2875",
"datePublished": "2015-12-31T02:00:00",
"dateReserved": "2015-04-03T00:00:00",
"dateUpdated": "2024-08-06T05:32:20.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2874 (GCVE-0-2015-2874)
Vulnerability from nvd – Published: 2015-12-31 02:00 – Updated: 2024-08-06 05:32
VLAI?
Summary
Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:19.771Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#903500",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/903500"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-A26L3F"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-12-31T04:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#903500",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/903500"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-A26L3F"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-2874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#903500",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/903500"
},
{
"name": "https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH",
"refsource": "CONFIRM",
"url": "https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH"
},
{
"name": "https://www.kb.cert.org/vuls/id/GWAN-A26L3F",
"refsource": "CONFIRM",
"url": "https://www.kb.cert.org/vuls/id/GWAN-A26L3F"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-2874",
"datePublished": "2015-12-31T02:00:00",
"dateReserved": "2015-04-03T00:00:00",
"dateUpdated": "2024-08-06T05:32:19.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2876 (GCVE-0-2015-2876)
Vulnerability from nvd – Published: 2015-12-31 02:00 – Updated: 2024-08-06 05:32
VLAI?
Summary
Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:20.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#903500",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/903500"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-A26L3F"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-12-31T04:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#903500",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/903500"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-A26L3F"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-2876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#903500",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/903500"
},
{
"name": "https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH",
"refsource": "CONFIRM",
"url": "https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH"
},
{
"name": "https://www.kb.cert.org/vuls/id/GWAN-A26L3F",
"refsource": "CONFIRM",
"url": "https://www.kb.cert.org/vuls/id/GWAN-A26L3F"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-2876",
"datePublished": "2015-12-31T02:00:00",
"dateReserved": "2015-04-03T00:00:00",
"dateUpdated": "2024-08-06T05:32:20.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2875 (GCVE-0-2015-2875)
Vulnerability from nvd – Published: 2015-12-31 02:00 – Updated: 2024-08-06 05:32
VLAI?
Summary
Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:20.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#903500",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/903500"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-A26L3F"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-12-31T04:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#903500",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/903500"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.kb.cert.org/vuls/id/GWAN-A26L3F"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-2875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#903500",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/903500"
},
{
"name": "https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH",
"refsource": "CONFIRM",
"url": "https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH"
},
{
"name": "https://www.kb.cert.org/vuls/id/GWAN-A26L3F",
"refsource": "CONFIRM",
"url": "https://www.kb.cert.org/vuls/id/GWAN-A26L3F"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-2875",
"datePublished": "2015-12-31T02:00:00",
"dateReserved": "2015-04-03T00:00:00",
"dateUpdated": "2024-08-06T05:32:20.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}