PT-2014-3217 · Seagate · Seagate BlackArmor NAS 220

Jeroen

·

Published

2014-01-21

·

Updated

2014-01-22

·

CVE-2013-6922

CVSS v2.0

6.8

Medium

Vector AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Seagate BlackArmor NAS 220, firmware version sg2000-2000.1331
Description: Multiple cross-site request forgery (CSRF) vulnerabilities in Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow a remote attacker to hijack the authentication of an administrator. The web interface accepts state-changing requests without any anti-CSRF check, so a page the administrator visits while logged in can submit forged requests that the browser sends with the administrator's ambient credentials (session cookie or cached HTTP authentication) attached. The affected actions include adding user accounts via a crafted request to admin/access_control_user_add.php, modifying or deleting user accounts, performing a factory reset, rebooting the device, and adding, modifying, or deleting shares and volumes.
Recommendations: At the moment there is no information about a newer firmware version that contains a fix. Until one is available, reduce exposure of the administrative interface: do not expose it to the internet and restrict it to a trusted management network or VPN. Because the forged request is sent by the administrator's own browser, administrator habits matter: use a dedicated browser profile for the NAS, do not browse other sites while logged into the admin UI, and log out (rather than just closing the tab) when finished, so that no live session exists for a malicious page to ride on. Simply not using the factory reset, reboot, or share and volume management features yourself offers no protection, since it is the attacker, not the administrator, who triggers them. Periodically review the user, share and volume lists for entries you did not create; an unexpected account is the most likely sign of exploitation.

Exploit

CSRF


Related Identifiers

CVE-2013-6922

Affected Products

Seagate BlackArmor NAS 220