Seagate

Personal Cloud Firmware

2 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2017-18263

Exploit
  • EPSS 5.85%
  • Published 28.04.2018 01:29:01
  • Last modified 21.11.2024 03:19:43

Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url.

10

CVE-2018-5347

Exploit
  • EPSS 37.78%
  • Published 12.01.2018 01:29:00
  • Last modified 21.11.2024 04:08:37

Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled.