American Internet Emergency Response Center CERT: Seagate wireless hard drive to a vulnerability-vulnerability warning-the black bar safety net

2015-09-09T00:00:00
ID MYHACK58:62201566737
Type myhack58
Reporter 佚名
Modified 2015-09-09T00:00:00

Description

! American Internet emergency center released a on Seagate wireless hard drive with a warning, because the products were found to have multiple vulnerabilities could be exploited by attackers to download to disk all of the files. The default“root”login American Internet emergency center noted: “Seagate wireless hard drive provides an undocumented Telnet service, just by using the default username and the default password:“root” can log in.” And it also affects to the device, an attacker could exploit the vulnerability by Seagate wireless hard drive download the device appears in the default shared directory of any file. ! Seagate wireless hard drive vulnerability list: CVE-2 0 1 5-2 8 7 4, Use the default username and the default password:“root”can log in Telnet. CVE-2 0 1 5-2 8 7 5, in the default configuration, Seagate wireless hard drive wireless access equipment for the anonymous attacker provides a unlimited file download function. Then the attacker can directly from the system download hard disk file. CVE-2 0 1 5-2 8 7 6, in the default configuration, Seagate wireless hard drive provides an upload feature, an attacker can wireless access to the device’s /media/sda2 filesystem is. The filesystem for shared files. The above vulnerabilities occur in firmware version 2. 2. 0. 0 0 5 and 2. 3. 0. 0 1 4 being. Fortunately, in order to solve the Seagate wireless hard drive security, Seagate re-release of the 3. 4. 1. 1 0 5 The firmware version.