Vulnerabilities > Seagate > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-06 | CVE-2020-6627 | OS Command Injection vulnerability in Seagate products The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mv_backend_launch in cirrus/application/helpers/mv_backend_helper.php by leveraging the "start" state and sending a check_device_name request. | 9.8 |
| 2019-05-13 | CVE-2018-12295 | SQL Injection vulnerability in Seagate NAS OS 4.3.15.1 SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3.15.1 allows attackers to execute arbitrary SQL commands via the dirId URL parameter. | 9.8 |
| 2018-02-23 | CVE-2014-3206 | Improper Input Validation vulnerability in Seagate products Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php. | 9.8 |
| 2018-02-23 | CVE-2014-3205 | Use of Hard-coded Credentials vulnerability in Seagate products backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user. | 9.8 |
| 2018-01-12 | CVE-2018-5347 | OS Command Injection vulnerability in Seagate Personal Cloud Firmware Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled. | 9.8 |
| 2017-10-11 | CVE-2013-6924 | Command Injection vulnerability in Seagate Blackarmor NAS 220 Firmware Sg20002000.1331 Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php. | 9.8 |
| 2017-06-08 | CVE-2014-8687 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Seagate Business NAS Firmware 2014.00319 Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens. | 9.8 |
| 2015-12-31 | CVE-2015-2874 | Credentials Management vulnerability in multiple products Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session. | 9.8 |