5n2 Firmware Security Vulnerabilities and Issues — 5n2 Firmware CVE List

Lucene search

Drobo5n2 Firmware

5 matches found

CVE•added 2018/12/03 10:29 p.m.•104 views

CVE-2018-14709

Incorrect access control in the Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to bypass authentication due to insecure token generation.

9.8CVSS9.5AI score0.00623EPSS

CVE•added 2018/12/03 10:29 p.m.•101 views

CVE-2018-14701

System command injection in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter.

9.8CVSS9.9AI score0.50208EPSS

CVE•added 2018/12/03 10:29 p.m.•41 views

CVE-2018-14699

System command injection in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter.

9.8CVSS9.9AI score0.69475EPSS

CVE•added 2018/12/03 10:29 p.m.•37 views

CVE-2018-14703

Incorrect access control in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve the MySQL database root password.

9.8CVSS9.3AI score0.02042EPSS

CVE•added 2018/12/03 10:29 p.m.•32 views

CVE-2018-14708

An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic.

9.8CVSS9.4AI score0.00482EPSS