Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session.
References
Link | Resource |
---|---|
https://www.kb.cert.org/vuls/id/GWAN-A26L3F | Third Party Advisory US Government Resource |
https://www.kb.cert.org/vuls/id/903500 | Third Party Advisory US Government Resource |
https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
AND |
|
Information
Published : 2015-12-30 21:59
Updated : 2015-12-31 12:29
NVD link : CVE-2015-2875
Mitre link : CVE-2015-2875
JSON object : View
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Products Affected
seagate
- goflex_sattelite
- wireless_mobile_storage
- wireless_plus_mobile_storage
lacie
- lac9000436u_firmware
- lac9000464u_firmware
- lac9000436u
- lac9000464u