CVE-2014-3206

Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.
References
Link Resource
https://www.exploit-db.com/exploits/33159/ Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/33159/ Exploit Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:seagate:blackarmor_nas_220_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:seagate:blackarmor_nas_220:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:seagate:blackarmor_nas_110_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:seagate:blackarmor_nas_110:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:07

Type Values Removed Values Added
References () https://www.exploit-db.com/exploits/33159/ - Exploit, Third Party Advisory, VDB Entry () https://www.exploit-db.com/exploits/33159/ - Exploit, Third Party Advisory, VDB Entry

Information

Published : 2018-02-23 17:29

Updated : 2024-11-21 02:07


NVD link : CVE-2014-3206

Mitre link : CVE-2014-3206

CVE.ORG link : CVE-2014-3206


JSON object : View

Products Affected

seagate

  • blackarmor_nas_220
  • blackarmor_nas_110
  • blackarmor_nas_220_firmware
  • blackarmor_nas_110_firmware
CWE
CWE-20

Improper Input Validation