Lucene search
K

6 matches found

exploitpack
exploitpack
added 2020/03/13 12:0 a.m.212 views

Drobo 5N2 4.1.1 - Remote Command Injection

Drobo 5N2 4.1.1 - Remote Command Injection Exploit Title: Drobo 5N2 4.1.1 - Remote Command Injection Date: 2020-03-12 Exploit Author: Rick Ramgattie, Ian Sindermann Vendor Homepage: https://www.drobo.com/ Version: 4.1.1 and lower. CVE: CVE-2018-14709, CVE-2018-14701 !/usr/bin/env python3 nasty.py...

7.5CVSS9.9AI score0.19994EPSS
Exploits6
Exploit DB
Exploit DB
added 2020/03/13 12:0 a.m.191 views

Drobo 5N2 4.1.1 - Remote Command Injection

Exploit Title: Drobo 5N2 4.1.1 - Remote Command Injection Date: 2020-03-12 Exploit Author: Rick Ramgattie, Ian Sindermann Vendor Homepage: https://www.drobo.com/ Version: 4.1.1 and lower. CVE: CVE-2018-14709, CVE-2018-14701 !/usr/bin/env python3 nasty.py - A proof-of-concept utility for malicious...

9.8CVSS9.6AI score0.19994EPSS
Exploits6
OSV
OSV
added 2018/12/03 10:29 p.m.3 views

CVE-2018-14709

Incorrect access control in the Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to bypass authentication due to insecure token generation...

9.8CVSS5.8AI score0.01911EPSS
Exploits5References2
NVD
NVD
added 2018/12/03 10:29 p.m.19 views

CVE-2018-14709

Incorrect access control in the Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to bypass authentication due to insecure token generation...

9.8CVSS9.6AI score0.01911EPSS
Exploits5References2
CVE
CVE
added 2018/12/03 10:0 p.m.116 views

CVE-2018-14709

CVE-2018-14709 affects Drobo 5N2 NAS (Dashboard API) where insecure token generation allows authentication bypass. Public details in the provided documents indicate remote command injection via the NASd service, enabling attackers to perform actions such as querying device status, installing appl...

9.8CVSS9.5AI score0.01911EPSS
Exploits5References2Affected Software1
Cvelist
Cvelist
added 2018/12/03 10:0 p.m.41 views

CVE-2018-14709

Incorrect access control in the Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to bypass authentication due to insecure token generation...

9.7AI score0.01911EPSS
Exploits5References2
Rows per page
Query Builder