exploitDog

CVE-2017-18263

Опубликовано: 28 апр. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url.

Ссылки

https://packetstormsecurity.com/files/147274/Seagate-Media-Server-Path-Traversal.html
Third Party Advisory
VDB Entry
https://sumofpwn.nl/advisory/2017/seagate-media-server-path-traversal-vulnerability.html
Exploit
Third Party Advisory
https://packetstormsecurity.com/files/147274/Seagate-Media-Server-Path-Traversal.html
Third Party Advisory
VDB Entry
https://sumofpwn.nl/advisory/2017/seagate-media-server-path-traversal-vulnerability.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:seagate:personal_cloud_firmware:*:*:*:*:*:*:*:*

Версия до 4.3.18.4 (исключая)

cpe:2.3:h:seagate:personal_cloud:-:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05566

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-hw7v-x9g7-j8cf

CVSS3: 7.5

github

больше 3 лет назад

Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url.

EPSS

Процентиль: 90%

0.05566

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22