6 matches found
Drobo 5N2 4.1.1 - Remote Command Injection
Drobo 5N2 4.1.1 - Remote Command Injection Exploit Title: Drobo 5N2 4.1.1 - Remote Command Injection Date: 2020-03-12 Exploit Author: Rick Ramgattie, Ian Sindermann Vendor Homepage: https://www.drobo.com/ Version: 4.1.1 and lower. CVE: CVE-2018-14709, CVE-2018-14701 !/usr/bin/env python3 nasty.py...
Drobo 5N2 4.1.1 - Remote Command Injection
Exploit Title: Drobo 5N2 4.1.1 - Remote Command Injection Date: 2020-03-12 Exploit Author: Rick Ramgattie, Ian Sindermann Vendor Homepage: https://www.drobo.com/ Version: 4.1.1 and lower. CVE: CVE-2018-14709, CVE-2018-14701 !/usr/bin/env python3 nasty.py - A proof-of-concept utility for malicious...
CVE-2018-14709
Incorrect access control in the Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to bypass authentication due to insecure token generation...
CVE-2018-14709
Incorrect access control in the Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to bypass authentication due to insecure token generation...
CVE-2018-14709
Incorrect access control in the Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to bypass authentication due to insecure token generation...
CVE-2018-14709
CVE-2018-14709 affects Drobo 5N2 NAS (Dashboard API) where insecure token generation allows authentication bypass. Public details in the provided documents indicate remote command injection via the NASd service, enabling attackers to perform actions such as querying device status, installing appl...