Seagate Personal Cloud Multiple Vulnerabilities(CVE-2018-5347)

Vulnerabilities summary The following advisory describes two 2 unauthenticated command injection vulnerabilities. Seagate Personal Cloud Home Media Storage is “the easiest way to store, organize, stream and share all your music, movies, photos, and important documents.” Credit An independent...

CVE-2018-5347

The CVE-2018-5347 entry concerns Seagate Personal Cloud’s Seagate Media Server. The vulnerability affects the .psp URL handling in the Django-based web application (views.py: uploadTelemetry and getLogs) where unsanitized GET parameters are passed to system commands, enabling unauthenticated comm...