Vulnerabilities > Seagate > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-12-06 CVE-2020-6627 OS Command Injection vulnerability in Seagate products
The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mv_backend_launch in cirrus/application/helpers/mv_backend_helper.php by leveraging the "start" state and sending a check_device_name request.
network
low complexity
seagate CWE-78
critical
9.8
2019-05-13 CVE-2018-12295 SQL Injection vulnerability in Seagate NAS OS 4.3.15.1
SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3.15.1 allows attackers to execute arbitrary SQL commands via the dirId URL parameter.
network
low complexity
seagate CWE-89
critical
9.8
2018-02-23 CVE-2014-3206 Improper Input Validation vulnerability in Seagate products
Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.
network
low complexity
seagate CWE-20
critical
9.8
2018-02-23 CVE-2014-3205 Use of Hard-coded Credentials vulnerability in Seagate products
backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user.
network
low complexity
seagate CWE-798
critical
9.8
2018-01-12 CVE-2018-5347 OS Command Injection vulnerability in Seagate Personal Cloud Firmware
Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled.
network
low complexity
seagate CWE-78
critical
9.8
2017-10-11 CVE-2013-6924 Command Injection vulnerability in Seagate Blackarmor NAS 220 Firmware Sg20002000.1331
Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php.
network
low complexity
seagate CWE-77
critical
9.8
2017-06-08 CVE-2014-8687 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Seagate Business NAS Firmware 2014.00319
Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens.
network
low complexity
seagate CWE-327
critical
9.8
2015-12-31 CVE-2015-2874 Credentials Management vulnerability in multiple products
Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
network
low complexity
seagate lacie CWE-255
critical
9.8