PT-2014-2001 · Seagate · Seagate Blackarmor Nas
Published: 2014-05-03 · Updated: 2018-03-18 · CVE-2014-3205
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Seagate BlackArmor NAS (affected versions not specified)
Description
The backupmgt/pre_connect_check.php component of the Seagate BlackArmor NAS contains a hard-coded password for a backdoor user. This could allow a remote attacker to gain full access to the device with root privileges. The hard-coded password is '!~@##$$%FREDESWWSED'.
Recommendations
For Seagate BlackArmor NAS, consider changing the hard-coded password '!~@##$$%FREDESWWSED' for the backdoor user in the backupmgt/pre_connect_check.php component to prevent unauthorized access.
As a temporary workaround, consider disabling the backupmgt/pre_connect_check.php component until a patch is available.
Restrict access to the device to minimize the risk of exploitation.
Using Hardcoded Credentials
Affected Products
Seagate Blackarmor Nas