Seagate » Blackarmor Nas 220 Firmware : Security Vulnerabilities, CVEs, CVSS score >= 6

CVE-2014-3206

Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.
Max CVSS
10.0
EPSS Score
25.61%
Published
2018-02-23
Updated
2018-03-19

CVE-2014-3205

backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user.
Max CVSS
10.0
EPSS Score
1.10%
Published
2018-02-23
Updated
2018-03-18

CVE-2013-6924

Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php.
Max CVSS
10.0
EPSS Score
2.96%
Published
2017-10-11
Updated
2017-11-03

CVE-2013-6922

Multiple cross-site request forgery (CSRF) vulnerabilities in the Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts via a crafted request to admin/access_control_user_add.php; (2) modify or (3) delete user accounts; (4) perform a factory reset; (5) perform a device reboot; or (6) add, (7) modify, or (8) delete shares and volumes.
Max CVSS
6.8
EPSS Score
0.24%
Published
2014-01-21
Updated
2014-01-22
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close