Seagate Central Personal Cloud Storage

Platform Information https://www.seagate.com/kr/ko/support/external-hard-drives/network-storage/seagate-central/#support
Search Engine Search on Google
End of Sales -
End of Support -
Wired Connection Yes
Wireless Connection -
Fingerprinting Source FTP MAC OUI NIC VENDOR HTTP HTTPS
Added at Mar 12, 2019
Manufacturer Name Seagate Technology PLC
Homepage http://www.seagate.com/gb/en/consumer/
Headquarters United States of America
Business Status Ongoing

Platform’s Common Vulnerabilities and Exposures (CVE)
CVE-ID
Severity v3.0
Severity v2.0
Description
CVE-2017-18263
04/28/2018
HIGH
MEDIUM
Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url.
CVE-2018-5347
01/12/2018
CRITICAL
HIGH
Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled.
Manufacturer’s Common Vulnerabilities and Exposures (CVE)
CVE-ID
Severity v3.0
Severity v2.0
Description
CVE-2017-18263
04/28/2018
HIGH
MEDIUM
Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url.
CVE-2014-3206
02/23/2018
CRITICAL
HIGH
Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.
CVE-2014-3205
02/23/2018
CRITICAL
HIGH
backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user.
CVE-2018-5347
01/12/2018
CRITICAL
HIGH
Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled.
CVE-2015-7269
11/27/2017
MEDIUM
LOW
Seagate ST500LT015 hard disk drives, when operating in eDrive mode on Lenovo ThinkPad W541 laptops with BIOS 2.21, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by attaching a second SATA connector to exposed pins, maintaining an alternate power source, and attaching the data cable to another machine, aka a "Hot Unplug Attack."