Vulnerabilities > Drobo
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-12-03 | CVE-2018-14699 | OS Command Injection vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115 System command injection in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter. | 9.8 |
2018-12-03 | CVE-2018-14698 | Cross-site Scripting vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115 Cross-site scripting in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the "username" URL parameter. | 6.1 |
2018-12-03 | CVE-2018-14697 | Cross-site Scripting vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115 Cross-site scripting in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the username URL parameter. | 6.1 |
2018-12-03 | CVE-2018-14696 | Information Exposure vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115 Incorrect access control in the /mysql/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information. | 7.5 |
2018-12-03 | CVE-2018-14695 | Information Exposure vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115 Incorrect access control in the /mysql/api/diags.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve diagnostic information via the "name" URL parameter. | 7.5 |