5 matches found
Drobo 5N2 cross-site scripting vulnerability (CNVD-2019-05932)
The Drobo 5N2 NAS is a networked storage appliance NAS from Drobo, USA. The device features data sharing, data backup, remote access and disaster recovery. A cross-site scripting vulnerability exists in the /DroboAccess/deleteuser endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115. A remote...
Drobo 5N2 Cross-Site Scripting Vulnerability
The Drobo 5N2 NAS is a networked storage appliance NAS from Drobo, USA. The device features data sharing, data backup, remote access and disaster recovery. A cross-site scripting vulnerability exists in the MySQL API error page in Drobo 5N2 NAS version 4.0.5-13.28.96115. A remote attacker can...
Drobo 5N2 Improper Access Control Vulnerability (CNVD-2019-05929)
The Drobo 5N2 NAS is a networked storage appliance NAS from Drobo, USA. The device features data sharing, data backup, remote access and disaster recovery. An access control error vulnerability exists in the /mysql/api/diags.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115. An attacker can...
Drobo 5N2 System Command Injection Vulnerability
The Drobo 5N2 NAS is a networked storage appliance NAS from Drobo, USA. The device features data sharing, data backup, remote access and disaster recovery. A command injection vulnerability exists in the /DroboPix/api/drobopix/demo endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115. An attacker...
CVE-2018-14703
Incorrect access control in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve the MySQL database root password...