2 matches found
CVE-2018-14699
System command injection in the /DroboAccess/enableuser endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter...
CVE-2018-14699
CVE-2018-14699 affects Drobo 5N2 NAS (version 4.0.5-13.28.96115) via the /DroboAccess/enable_user endpoint. An unauthenticated attacker can inject commands through the username URL parameter, enabling system command execution. Connected sources corroborate a high–critical impact, with CVSS metric...