Vulnerabilities > Drobo > 5N2 Firmware > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-24 | CVE-2018-14705 | Improper Authentication vulnerability in Drobo 5N2 Firmware 4.0.5 In Drobo 5N2 4.0.5, all optional applications lack any form of authentication/authorization validation. | 10.0 |
| 2018-12-03 | CVE-2018-14706 | OS Command Injection vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115 System command injection in the /DroboPix/api/drobopix/demo endpoint on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the payload in a POST request. | 10.0 |