Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drobo 5n2 firmware 4.0.5-13.28.96115 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-14703
Incorrect access control in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated malicious users to retrieve the MySQL database root password.
Drobo 5n2 Firmware 4.0.5-13.28.96115
9.8
CVSSv3
CVE-2018-14701
System command injection in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated malicious users to execute system commands via the "username" URL parameter.
Drobo 5n2 Firmware 4.0.5-13.28.96115
9.8
CVSSv3
CVE-2018-14706
System command injection in the /DroboPix/api/drobopix/demo endpoint on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated malicious users to execute system commands via the payload in a POST request.
Drobo 5n2 Firmware 4.0.5-13.28.96115
9.8
CVSSv3
CVE-2018-14708
An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows malicious users to intercept network traffic.
Drobo 5n2 Firmware 4.0.5-13.28.96115
9.8
CVSSv3
CVE-2018-14699
System command injection in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated malicious users to execute system commands via the "username" URL parameter.
Drobo 5n2 Firmware 4.0.5-13.28.96115
1 Github repository
9.8
CVSSv3
CVE-2018-14709
Incorrect access control in the Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows malicious users to bypass authentication due to insecure token generation.
Drobo 5n2 Firmware 4.0.5-13.28.96115
7.5
CVSSv3
CVE-2018-14696
Incorrect access control in the /mysql/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated malicious users to retrieve sensitive system information.
Drobo 5n2 Firmware 4.0.5-13.28.96115
7.5
CVSSv3
CVE-2018-14700
Incorrect access control in the /mysql/api/logfile.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated malicious users to retrieve MySQL log files via the "name" URL parameter.
Drobo 5n2 Firmware 4.0.5-13.28.96115
7.5
CVSSv3
CVE-2018-14695
Incorrect access control in the /mysql/api/diags.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated malicious users to retrieve diagnostic information via the "name" URL parameter.
Drobo 5n2 Firmware 4.0.5-13.28.96115
7.5
CVSSv3
CVE-2018-14702
Incorrect access control in the /drobopix/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated malicious users to retrieve sensitive system information.
Drobo 5n2 Firmware 4.0.5-13.28.96115
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »