Vulnerabilities > Seagate > Personal Cloud Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-01-12 CVE-2018-5347 OS Command Injection vulnerability in Seagate Personal Cloud Firmware
Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled.
network
low complexity
seagate CWE-78
critical
9.8