Vulnerabilities > Drobo > 5N2 Firmware > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-03 | CVE-2018-14708 | Improper Authentication vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115 An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic. | 7.5 |
| 2018-12-03 | CVE-2018-14707 | Path Traversal vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115 Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to upload files to arbitrary locations. | 7.8 |
| 2018-12-03 | CVE-2018-14701 | OS Command Injection vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115 System command injection in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter. | 7.5 |
| 2018-12-03 | CVE-2018-14699 | OS Command Injection vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115 System command injection in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter. | 7.5 |