Some Seagate Business NAS devices are vulnerable to command execution via a local file include vulnerability hidden in the language parameter of the CodeIgniter session cookie. The vulnerability manifests in the way the language files are included in the code on the login page, and hence is open to attack from users without the need for authentication. The cookie can be easily decrypted using a known static encryption key and re-encrypted once the PHP object string has been modified. This Metasploit module has been tested on the STBN300 device.
0487fb38d28fb3a16f1e6da5666a62aa264281d650c6fa4c8f45c8249d44e294Seagate Business NAS versions 2014.00319 and below suffer from a pre-authentication remote code execution vulnerability.
04e4ec1dd7006778a46d2aa1f5a5ce11de00768fdac6d7d4e4a193fa3100d616
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed