6 matches found
CVE-2018-18471
/api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and MEDION LifeCloud, has an XXE vulnerability that can be chained with an SSRF bug to gain remote command execution as root. It can be triggered by anyone who knows the IP address of the affected device...
CVE-2018-18471
/api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and MEDION LifeCloud, has an XXE vulnerability that can be chained with an SSRF bug to gain remote command execution as root. It can be triggered by anyone who knows the IP address of the affected device...
Command injection
/api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and MEDION LifeCloud, has an XXE vulnerability that can be chained with an SSRF bug to gain remote command execution as root. It can be triggered by anyone who knows the IP address of the affected device...
CVE-2018-18471
The vulnerability CVE-2018-18471 affects the endpoint /api/2.0/rest/aggregator/xml in Axentra Hipserv firmware used by NETGEAR Stora, Seagate GoFlex Home, and MEDION LifeCloud. The issue is an XXE flaw that can be chained with an SSRF bug to achieve remote command execution as root, exploitable b...
CVE-2018-18471
/api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and MEDION LifeCloud, has an XXE vulnerability that can be chained with an SSRF bug to gain remote command execution as root. It can be triggered by anyone who knows the IP address of the affected device...
Axentra Hipserv Multiple Vulnerabilities (CVE-2018-18471)
Information disclosure and command injection vulnerabilities exist in Axentra Hipserv. This is due to an incorrectly configured XML parser accepting XML external entities. A remote unauthenticated attacker may exploit this vulnerability to disclose the contents of files or execute malicious...