ID CVE-2015-2874
Summary Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
References
Vulnerable Configurations
  • Seagate Wireless Plus Mobile Storage
    cpe:2.3:h:seagate:wireless_plus_mobile_storage
  • Seagate Wireless Mobile Storage
    cpe:2.3:h:seagate:wireless_mobile_storage
  • Lacie LAC9000436U
    cpe:2.3:h:lacie:lac9000436u
  • Lacie LAC9000464U
    cpe:2.3:h:lacie:lac9000464u
  • Lacie LAC9000464U Firmware 2.3.0.014
    cpe:2.3:o:lacie:lac9000464u_firmware:2.3.0.014
  • Lacie LAC9000436U Firmware 2.3.0.014
    cpe:2.3:o:lacie:lac9000436u_firmware:2.3.0.014
  • Seagate GoFlex Sattelite
    cpe:2.3:h:seagate:goflex_sattelite
CVSS
Base: 10.0 (as of 31-12-2015 - 10:55)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
packetstorm via4
data source https://packetstormsecurity.com/files/download/134986/KL-001-2015-007.txt
id PACKETSTORM:134986
last seen 2016-12-05
published 2015-12-18
reporter Matthew Bergin
source https://packetstormsecurity.com/files/134986/Seagate-GoFlex-Satellite-Remote-Telnet-Default-Password.html
title Seagate GoFlex Satellite Remote Telnet Default Password
refmap via4
cert-vn VU#903500
confirm
the hacker news via4
Last major update 31-12-2015 - 15:29
Published 31-12-2015 - 00:59
Back to Top