PT-2015-2965 · Lacie+1 · Lacie Fuel+2

Allen Harper

Published

2015-09-01

Updated

2015-12-31

CVE-2015-2874

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Seagate GoFlex Satellite versions prior to 3.4.1.105 Seagate Wireless Mobile Storage versions prior to 3.4.1.105 Seagate Wireless Plus Mobile Storage versions prior to 3.4.1.105 LaCie FUEL versions prior to 3.4.1.105

Description The issue is related to the use of a default password for the root account in the firmware of certain mobile storage devices. This allows a remote attacker to gain administrative access through a TELNET session.

Recommendations For Seagate GoFlex Satellite versions prior to 3.4.1.105, update the firmware to version 3.4.1.105 or later. For Seagate Wireless Mobile Storage versions prior to 3.4.1.105, update the firmware to version 3.4.1.105 or later. For Seagate Wireless Plus Mobile Storage versions prior to 3.4.1.105, update the firmware to version 3.4.1.105 or later. For LaCie FUEL versions prior to 3.4.1.105, update the firmware to version 3.4.1.105 or later.

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798CWE-255

Related Identifiers

BDU:2016-00062

CVE-2015-2874

Affected Products

Lacie Fuel

Seagate Goflex Satellite

Seagate Wireless Mobile Storage

PT-2015-2965 · Lacie+1 · Lacie Fuel+2

CVE-2015-2874

Weakness Enumeration

Related Identifiers

Affected Products

References · 5