MidnightBSD

Advisories for lacie

CVE-2015-2874 HIGH

Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
seagate wireless_mobile_storage *
lacie lac9000464u_firmware *
seagate wireless_plus_mobile_storage *
seagate goflex_sattelite *
lacie lac9000436u_firmware *
CVE-2015-2875 HIGH

Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
seagate wireless_mobile_storage *
lacie lac9000464u_firmware *
seagate wireless_plus_mobile_storage *
seagate goflex_sattelite *
lacie lac9000436u_firmware *
CVE-2015-2876 HIGH

Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
seagate wireless_mobile_storage *
lacie lac9000464u_firmware *
seagate wireless_plus_mobile_storage *
seagate goflex_sattelite *
lacie lac9000436u_firmware *