The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mv_backend_launch in cirrus/application/helpers/mv_backend_helper.php by leveraging the "start" state and sending a check_device_name request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
seagate stcg2000300_firmware - |
||
seagate stcg3000300_firmware - |
||
seagate stcg4000300_firmware - |