CVE-2018-5347
Summary
| CVE | CVE-2018-5347 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-01-12 01:29:00 UTC |
| Updated | 2019-10-03 00:03:00 UTC |
| Description | Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled. |
Risk And Classification
Problem Types: CWE-78
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Seagate | Personal Cloud | - | All | All | All |
| Hardware | Seagate | Personal Cloud | - | All | All | All |
| Operating System | Seagate | Personal Cloud Firmware | - | All | All | All |
| Operating System | Seagate | Personal Cloud Firmware | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Seagate Personal Cloud - Multiple Vulnerabilities - Hardware remote Exploit | EXPLOIT-DB | www.exploit-db.com | Exploit, Third Party Advisory, VDB Entry |
| 401 Authorization Required | MISC | blogs.securiteam.com | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.