Drobo NAS Multiple Vulnerabilities in DroboPix

Drobo NAS are prone to multiple vulnerabilities in DroboPix. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

Drobo DroboPix Detection

Detection of Drobo DroboPix. The script sends a connection request to the server and attempts to detect Drobo DroboPix, s a one-click photo upload solution for mobile devices on Drobo NAS devices. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced...

Drobo 5N2 System Command Injection Vulnerability

The Drobo 5N2 NAS is a networked storage appliance NAS from Drobo, USA. The device features data sharing, data backup, remote access and disaster recovery. A command injection vulnerability exists in the /DroboPix/api/drobopix/demo endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115. An attacker...

CVE-2018-14702

Incorrect access control in the /drobopix/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information...

CVE-2018-14702

CVE-2018-14702 describes an improper access control in the Drobo 5N2 NAS, specifically the /drobopix/api/drobo.php endpoint used by DroboPix. Affects Drobo 5N2 NAS version 4.0.5-13.28.96115. An unauthenticated attacker can retrieve sensitive system information due to this access-control flaw. CVS...