Cross-Site Request Forgery Issues in Seagate BlackArmor NAS 220 Devices
CVE-2013-6922

Currently unrated

Key Information:

Vendor: Seagate
Status: Blackarmor Nas 220 Firmware; Blackarmor Nas 220
Vendor: CVE Published:; 21 January 2014

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2013-6922?

Multiple cross-site request forgery (CSRF) vulnerabilities have been discovered in the Seagate BlackArmor NAS 220 devices, allowing remote attackers to execute unauthorized actions. Attackers can exploit these vulnerabilities to hijack administrator authentication and perform critical operations such as adding, modifying, or deleting user accounts, performing factory resets, rebooting the device, and manipulating shares and volumes through crafted requests. These issues highlight the importance of securing NAS devices against CSRF attacks to prevent unauthorized access and modifications.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2013-6922 - Proof of Concept

References

http://secunia.com/advisories/56047

third-party-advisoryx_refsource_SECUNIA

http://www.exploit-db.com/exploits/30726

exploitx_refsource_EXPLOIT-DB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jan 21, 2014
👾
Exploit known to exist
Jan 21, 2014
Vulnerability published
Jan 21, 2014
Vulnerability Reserved
Dec 3, 2013

CVE-2013-6922 Data

JSON