Drobo 5N2 System Command Injection Vulnerability (CNVD-2019-05933)

The Drobo 5N2 NAS is a networked storage appliance NAS from Drobo, USA. The device features data sharing, data backup, remote access and disaster recovery. A command injection vulnerability exists in the /DroboAccess/enableuser endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115. An attacker can...

CVE-2018-14699

System command injection in the /DroboAccess/enableuser endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter...