Vulnerabilities > Seagate > Wireless Plus Mobile Storage

DATE CVE VULNERABILITY TITLE RISK
2015-12-31 CVE-2015-2876 Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session.
low complexity
lacie seagate
8.3
2015-12-31 CVE-2015-2875 Path Traversal vulnerability in multiple products
Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session.
network
low complexity
seagate lacie CWE-22
7.8
2015-12-31 CVE-2015-2874 Credentials Management vulnerability in multiple products
Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
network
low complexity
seagate lacie CWE-255
critical
10.0