Remote Code Execution Vulnerability in Seagate GoFlex and LaCie Devices
CVE-2015-2874

9.8CRITICAL

Key Information:

Vendor

Seagate

Status
Wireless Mobile Storage
Wireless Plus Mobile Storage
Vendor
CVE Published:
31 December 2015

What is CVE-2015-2874?

Seagate GoFlex Satellite, Wireless Mobile Storage, Wireless Plus Mobile Storage, and LaCie FUEL devices are affected by a serious security flaw that allows remote attackers to gain administrative access to the devices. This issue arises due to a default password, 'root', for the root account, which has not been changed. Attackers can exploit this vulnerability over a TELNET session, potentially compromising the integrity of the device and the data stored on it. Users are advised to update their firmware to version 3.4.1.105 or later to mitigate the risk associated with this vulnerability.

References

https://www.kb.cert.org/vuls/id/903500
third-party-advisoryx_refsource_CERT-VN
https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH
x_refsource_CONFIRM
https://www.kb.cert.org/vuls/id/GWAN-A26L3F
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.