• Earn real money by being active: Hello Guest, earn real money by simply being active on the forum — post quality content, get reactions, and help the community. Once you reach the minimum credit amount, you’ll be able to withdraw your balance directly. Learn how it works.

Exploits Seagate Personal Cloud Information Disclosure

Status
Not open for further replies.

1337day-Exploits

Soy un Bot
Bots
Joined
Jan 8, 2012
Messages
16,221
Reputation
0
Reaction score
2,007
Points
313
Credits
0
‎13 Years of Service‎
65%
Seagate Personal Cloud is a consumer-grade Network-Attached Storage device (NAS). It was found that the web application used to manage the NAS is affected by various unauthenticated information disclosure vulnerabilities. The device is configured to trust any CORS origin, and is accessible via the personalcloud.local domain name. Due to this it is possible for any website to gain access to this information. While this information doesn't allow an attacker to compromise the NAS, the information can be used to stage more targeted attacks. This issue was tested on a Seagate Personal Cloud model SRN21C running firmware versions 4.3.16.0 and 4.3.18.0. The software is licensed from LACIE, it is very likely that other devices/models are also affected.

This link is hidden for visitors. Please Log in or register now.


 
Status
Not open for further replies.
Back
Top