Overview
- Description
- Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session.
- Source
- cret@cert.org
- NVD status
- Analyzed
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 8.3
- Impact score
- 10
- Exploitability score
- 6.5
- Vector string
- AV:A/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Social media
- Hype score
- Not currently trending
Evaluator
- Comment
- <a href="http://cwe.mitre.org/data/definitions/434.html">CWE-434: Unrestricted Upload of File with Dangerous Type</a>
- Impact
- -
- Solution
- -
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lacie:lac9000436u:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "29F377B9-4610-41B6-9D79-64631BFE17F2"
},
{
"criteria": "cpe:2.3:h:lacie:lac9000464u:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "80038101-7457-441E-8407-FA48FF3EB87D"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lacie:lac9000436u_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2D3742DC-6D53-425C-8975-4F827B4AF528",
"versionEndIncluding": "2.3.0.014"
},
{
"criteria": "cpe:2.3:o:lacie:lac9000464u_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4885C331-C0CB-4B0F-9ED8-9229FA9564F0",
"versionEndIncluding": "2.3.0.014"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:seagate:wireless_mobile_storage:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5235BAD5-EBEF-4CC7-97B1-BDB9685CE9D2"
},
{
"criteria": "cpe:2.3:h:seagate:wireless_plus_mobile_storage:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A4DF566C-383A-45AA-9276-0742F40F316D"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:seagate:goflex_sattelite:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D52B917C-06F2-4EB2-94FC-B47D7FE2C057"
}
],
"operator": "OR"
}
]
}
]