RSS   Vulnerabilities for 'Blackarmor nas 220 firmware'   RSS

2018-02-23
 
CVE-2014-3206

CWE-20
 

 
Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.

 
 
CVE-2014-3205

CWE-798
 

 
backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user.

 
2017-10-11
 
CVE-2013-6924

 

 
Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php.

 
2014-01-21
 
CVE-2013-6922

CWE-352
 

 
Multiple cross-site request forgery (CSRF) vulnerabilities in the Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts via a crafted request to admin/access_control_user_add.php; (2) modify or (3) delete user accounts; (4) perform a factory reset; (5) perform a device reboot; or (6) add, (7) modify, or (8) delete shares and volumes.

 
2014-01-09
 
CVE-2013-6923

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname parameter to admin/access_control_user_edit.php or (2) workname parameter to admin/network_workgroup_domain.php.

 

 >>> Vendor: Seagate 13 Products
Blackarmor nas
Blackarmor nas 220
Blackarmor nas 220 firmware
Goflex sattelite
Wireless mobile storage
Wireless plus mobile storage
Business nas firmware
St500lt015 firmware
St500lt025 firmware
Personal cloud firmware
Blackarmor nas 110 firmware
Nas os
Cortx-s3 server


Copyright 2024, cxsecurity.com

 

Back to Top