PT-2015-2965 · Lacie+1 · Lacie Fuel+2
Allen Harper
+2
·
Publicado
2015-09-01
·
Atualizado
2015-12-31
·
CVE-2015-2874
CVSS v2.0
10
Alta
| Vetor | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Seagate GoFlex Satellite versions prior to 3.4.1.105
Seagate Wireless Mobile Storage versions prior to 3.4.1.105
Seagate Wireless Plus Mobile Storage versions prior to 3.4.1.105
LaCie FUEL versions prior to 3.4.1.105
Description
The issue is related to the use of a default password for the root account in the firmware of certain mobile storage devices. This allows a remote attacker to gain administrative access through a TELNET session.
Recommendations
For Seagate GoFlex Satellite versions prior to 3.4.1.105, update the firmware to version 3.4.1.105 or later.
For Seagate Wireless Mobile Storage versions prior to 3.4.1.105, update the firmware to version 3.4.1.105 or later.
For Seagate Wireless Plus Mobile Storage versions prior to 3.4.1.105, update the firmware to version 3.4.1.105 or later.
For LaCie FUEL versions prior to 3.4.1.105, update the firmware to version 3.4.1.105 or later.
Correção
Using Hardcoded Credentials
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Lacie Fuel
Seagate Goflex Satellite
Seagate Wireless Mobile Storage