CVE-2018-14701

2018-12-03T22:29:00
ID CVE-2018-14701
Type cve
Reporter cve@mitre.org
Modified 2020-03-13T18:15:00

Description

System command injection in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter.