Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drobo 5n2 firmware 4.0.5-13.28.96115 vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2018-14706
System command injection in the /DroboPix/api/drobopix/demo endpoint on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated malicious users to execute system commands via the payload in a POST request.
Drobo 5n2 Firmware 4.0.5-13.28.96115
7.8
CVSSv2
CVE-2018-14707
Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated malicious users to upload files to arbitrary locations.
Drobo 5n2 Firmware 4.0.5-13.28.96115
7.5
CVSSv2
CVE-2018-14701
System command injection in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated malicious users to execute system commands via the "username" URL parameter.
Drobo 5n2 Firmware 4.0.5-13.28.96115
7.5
CVSSv2
CVE-2018-14699
System command injection in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated malicious users to execute system commands via the "username" URL parameter.
Drobo 5n2 Firmware 4.0.5-13.28.96115
1 Github repository
7.5
CVSSv2
CVE-2018-14708
An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows malicious users to intercept network traffic.
Drobo 5n2 Firmware 4.0.5-13.28.96115
5
CVSSv2
CVE-2018-14695
Incorrect access control in the /mysql/api/diags.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated malicious users to retrieve diagnostic information via the "name" URL parameter.
Drobo 5n2 Firmware 4.0.5-13.28.96115
5
CVSSv2
CVE-2018-14696
Incorrect access control in the /mysql/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated malicious users to retrieve sensitive system information.
Drobo 5n2 Firmware 4.0.5-13.28.96115
5
CVSSv2
CVE-2018-14700
Incorrect access control in the /mysql/api/logfile.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated malicious users to retrieve MySQL log files via the "name" URL parameter.
Drobo 5n2 Firmware 4.0.5-13.28.96115
5
CVSSv2
CVE-2018-14702
Incorrect access control in the /drobopix/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated malicious users to retrieve sensitive system information.
Drobo 5n2 Firmware 4.0.5-13.28.96115
5
CVSSv2
CVE-2018-14703
Incorrect access control in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated malicious users to retrieve the MySQL database root password.
Drobo 5n2 Firmware 4.0.5-13.28.96115
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »