Vulnerabilities > Seagate > Stcg4000300 Firmware

DATE CVE VULNERABILITY TITLE RISK
2022-12-06 CVE-2020-6627 OS Command Injection vulnerability in Seagate products
The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mv_backend_launch in cirrus/application/helpers/mv_backend_helper.php by leveraging the "start" state and sending a check_device_name request.
network
low complexity
seagate CWE-78
critical
9.8