J. Rach

**Name of the Vulnerable Software and Affected Versions** Seagate GoFlex Satellite versions prior to 3.4.1.105 Seagate Wireless Mobile Storage versions prior to 3.4.1.105 Seagate Wireless Plus Mobile Storage versions prior to 3.4.1.105 LaCie FUEL versions prior to 3.4.1.105 **Description** The issue allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session. This is due to an absolute path traversal vulnerability, which exists because of incorrect restriction of the directory path name with limited access. **Recommendations** For Seagate GoFlex Satellite versions prior to 3.4.1.105, update the firmware to version 3.4.1.105 or later. For Seagate Wireless Mobile Storage versions prior to 3.4.1.105, update the firmware to version 3.4.1.105 or later. For Seagate Wireless Plus Mobile Storage versions prior to 3.4.1.105, update the firmware to version 3.4.1.105 or later. For LaCie FUEL versions prior to 3.4.1.105, update the firmware to version 3.4.1.105 or later.

**Name of the Vulnerable Software and Affected Versions** Seagate GoFlex Satellite versions prior to 3.4.1.105 Seagate Wireless Mobile Storage versions prior to 3.4.1.105 Seagate Wireless Plus Mobile Storage versions prior to 3.4.1.105 LaCie FUEL versions prior to 3.4.1.105 **Description** The issue is related to the use of a default password for the root account in the firmware of certain mobile storage devices. This allows a remote attacker to gain administrative access through a TELNET session. **Recommendations** For Seagate GoFlex Satellite versions prior to 3.4.1.105, update the firmware to version 3.4.1.105 or later. For Seagate Wireless Mobile Storage versions prior to 3.4.1.105, update the firmware to version 3.4.1.105 or later. For Seagate Wireless Plus Mobile Storage versions prior to 3.4.1.105, update the firmware to version 3.4.1.105 or later. For LaCie FUEL versions prior to 3.4.1.105, update the firmware to version 3.4.1.105 or later.

**Name of the Vulnerable Software and Affected Versions** D-Link DAP-1320 Rev Ax with firmware prior to 1.21b05 **Description** The issue allows attackers to execute arbitrary commands via unspecified vectors. A remote attacker can execute arbitrary code. **Recommendations** For D-Link DAP-1320 Rev Ax with firmware prior to 1.21b05, update the firmware to version 1.21b05 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** D-Link DCS-931L versions 1.04 and earlier **Description** The issue allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, due to an unrestricted file upload vulnerability. **Recommendations** For D-Link DCS-931L versions 1.04 and earlier, update to a version later than 1.04 to resolve the issue.