Vulnerabilities > Drobo > High

DATE CVE VULNERABILITY TITLE RISK
2018-12-03 CVE-2018-14708 Improper Authentication vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115
An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic.
network
low complexity
drobo CWE-287
7.5
2018-12-03 CVE-2018-14707 Path Traversal vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115
Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to upload files to arbitrary locations.
network
low complexity
drobo CWE-22
7.8
2018-12-03 CVE-2018-14701 OS Command Injection vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115
System command injection in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter.
network
low complexity
drobo CWE-78
7.5
2018-12-03 CVE-2018-14699 OS Command Injection vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115
System command injection in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter.
network
low complexity
drobo CWE-78
7.5