Cross-Site Request Forgery Issues in Seagate BlackArmor NAS 220 Devices
CVE-2013-6922

Currently unrated

Key Information:

Vendor: Seagate
Status: Blackarmor Nas 220 Firmware; Blackarmor Nas 220
Vendor: CVE Published:; 21 January 2014

What is CVE-2013-6922?

Multiple cross-site request forgery (CSRF) vulnerabilities have been discovered in the Seagate BlackArmor NAS 220 devices, allowing remote attackers to execute unauthorized actions. Attackers can exploit these vulnerabilities to hijack administrator authentication and perform critical operations such as adding, modifying, or deleting user accounts, performing factory resets, rebooting the device, and manipulating shares and volumes through crafted requests. These issues highlight the importance of securing NAS devices against CSRF attacks to prevent unauthorized access and modifications.

References

http://secunia.com/advisories/56047

third-party-advisoryx_refsource_SECUNIA

http://www.exploit-db.com/exploits/30726

exploitx_refsource_EXPLOIT-DB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 21, 2014
Vulnerability Reserved
Dec 3, 2013

JSON