Vulnerabilities > Seagate > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-12-06 CVE-2020-6627 OS Command Injection vulnerability in Seagate products
The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mv_backend_launch in cirrus/application/helpers/mv_backend_helper.php by leveraging the "start" state and sending a check_device_name request.
network
low complexity
seagate CWE-78
critical
9.8
2018-02-23 CVE-2014-3206 Improper Input Validation vulnerability in Seagate products
Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.
network
low complexity
seagate CWE-20
critical
10.0
2018-02-23 CVE-2014-3205 Use of Hard-coded Credentials vulnerability in Seagate products
backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user.
network
low complexity
seagate CWE-798
critical
10.0
2018-01-12 CVE-2018-5347 OS Command Injection vulnerability in Seagate Personal Cloud Firmware
Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled.
network
low complexity
seagate CWE-78
critical
10.0
2017-10-11 CVE-2013-6924 Command Injection vulnerability in Seagate Blackarmor NAS 220 Firmware Sg20002000.1331
Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php.
network
low complexity
seagate CWE-77
critical
10.0
2017-06-08 CVE-2014-8687 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Seagate Business NAS Firmware 2014.00319
Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens.
network
low complexity
seagate CWE-327
critical
10.0
2015-12-31 CVE-2015-2874 Credentials Management vulnerability in multiple products
Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
network
low complexity
seagate lacie CWE-255
critical
10.0
2012-05-25 CVE-2012-2568 Permissions, Privileges, and Access Controls vulnerability in Seagate Blackarmor NAS
d41d8cd98f00b204e9800998ecf8427e.php in the management web server on the Seagate BlackArmor device allows remote attackers to change the administrator password via unspecified vectors.
network
low complexity
seagate CWE-264
critical
10.0