{"api_version":"1","generated_at":"2026-05-13T15:17:31+00:00","cve":"CVE-2015-2875","urls":{"html":"https://cve.report/CVE-2015-2875","api":"https://cve.report/api/cve/CVE-2015-2875.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-2875","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-2875"},"summary":{"title":"CVE-2015-2875","description":"Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session.","state":"PUBLISHED","assigner":"certcc","published_at":"2015-12-31 05:59:03","updated_at":"2026-05-06 22:30:45"},"problem_types":["CWE-22","n/a"],"metrics":[{"version":"3.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"HIGH","vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.8","severity":"","vector":"AV:N/AC:L/Au:N/C:C/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:N/A:N","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"https://www.kb.cert.org/vuls/id/903500","name":"https://www.kb.cert.org/vuls/id/903500","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"],"title":"Vulnerability Note VU#903500 - Seagate wireless hard-drives contain multiple vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH","name":"https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"],"title":"Seagate Technology LLC Information for VU#903500","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.kb.cert.org/vuls/id/GWAN-A26L3F","name":"https://www.kb.cert.org/vuls/id/GWAN-A26L3F","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"],"title":"LaCie Information for VU#903500","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-2875","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2875","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"2875","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"lacie","cpe5":"lac9000436u","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2875","vulnerable":"1","versionEndIncluding":"2.3.0.014","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"lacie","cpe5":"lac9000436u_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2875","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"lacie","cpe5":"lac9000464u","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2875","vulnerable":"1","versionEndIncluding":"2.3.0.014","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"lacie","cpe5":"lac9000464u_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2875","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"seagate","cpe5":"goflex_sattelite","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2875","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"seagate","cpe5":"wireless_mobile_storage","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"2875","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"seagate","cpe5":"wireless_plus_mobile_storage","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T05:32:20.267Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"VU#903500","tags":["third-party-advisory","x_refsource_CERT-VN","x_transferred"],"url":"https://www.kb.cert.org/vuls/id/903500"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.kb.cert.org/vuls/id/GWAN-A26L3F"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2015-09-01T00:00:00.000Z","descriptions":[{"lang":"en","value":"Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2015-12-31T04:57:01.000Z","orgId":"37e5125f-f79b-445b-8fad-9564f167944b","shortName":"certcc"},"references":[{"name":"VU#903500","tags":["third-party-advisory","x_refsource_CERT-VN"],"url":"https://www.kb.cert.org/vuls/id/903500"},{"tags":["x_refsource_CONFIRM"],"url":"https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH"},{"tags":["x_refsource_CONFIRM"],"url":"https://www.kb.cert.org/vuls/id/GWAN-A26L3F"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cert@cert.org","ID":"CVE-2015-2875","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"VU#903500","refsource":"CERT-VN","url":"https://www.kb.cert.org/vuls/id/903500"},{"name":"https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH","refsource":"CONFIRM","url":"https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH"},{"name":"https://www.kb.cert.org/vuls/id/GWAN-A26L3F","refsource":"CONFIRM","url":"https://www.kb.cert.org/vuls/id/GWAN-A26L3F"}]}}}},"cveMetadata":{"assignerOrgId":"37e5125f-f79b-445b-8fad-9564f167944b","assignerShortName":"certcc","cveId":"CVE-2015-2875","datePublished":"2015-12-31T02:00:00.000Z","dateReserved":"2015-04-03T00:00:00.000Z","dateUpdated":"2024-08-06T05:32:20.267Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2015-12-31 05:59:03","lastModifiedDate":"2026-05-06 22:30:45","problem_types":["CWE-22","n/a"],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:N/A:N","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:seagate:goflex_sattelite:*:*:*:*:*:*:*:*","matchCriteriaId":"D52B917C-06F2-4EB2-94FC-B47D7FE2C057"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:seagate:wireless_mobile_storage:*:*:*:*:*:*:*:*","matchCriteriaId":"5235BAD5-EBEF-4CC7-97B1-BDB9685CE9D2"},{"vulnerable":true,"criteria":"cpe:2.3:h:seagate:wireless_plus_mobile_storage:*:*:*:*:*:*:*:*","matchCriteriaId":"A4DF566C-383A-45AA-9276-0742F40F316D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:lacie:lac9000436u:*:*:*:*:*:*:*:*","matchCriteriaId":"29F377B9-4610-41B6-9D79-64631BFE17F2"},{"vulnerable":false,"criteria":"cpe:2.3:h:lacie:lac9000464u:*:*:*:*:*:*:*:*","matchCriteriaId":"80038101-7457-441E-8407-FA48FF3EB87D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:lacie:lac9000436u_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.3.0.014","matchCriteriaId":"2D3742DC-6D53-425C-8975-4F827B4AF528"},{"vulnerable":true,"criteria":"cpe:2.3:o:lacie:lac9000464u_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.3.0.014","matchCriteriaId":"4885C331-C0CB-4B0F-9ED8-9229FA9564F0"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"2875","Ordinal":"1","Title":"CVE-2015-2875","CVE":"CVE-2015-2875","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"2875","Ordinal":"1","NoteData":"Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session.","Type":"Description","Title":"CVE-2015-2875"},{"CveYear":"2015","CveId":"2875","Ordinal":"2","NoteData":"2015-12-30","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"2875","Ordinal":"3","NoteData":"2015-12-30","Type":"Other","Title":"Modified"}]}}}