Описание
/api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and MEDION LifeCloud, has an XXE vulnerability that can be chained with an SSRF bug to gain remote command execution as root. It can be triggered by anyone who knows the IP address of the affected device.
Ссылки
- Vendor AdvisoryURL Repurposed
- ExploitThird Party Advisory
- Vendor AdvisoryURL Repurposed
- ExploitThird Party Advisory
Уязвимые конфигурации
Одновременно
Одно из
EPSS
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
Связанные уязвимости
/api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and MEDION LifeCloud, has an XXE vulnerability that can be chained with an SSRF bug to gain remote command execution as root. It can be triggered by anyone who knows the IP address of the affected device.
Уязвимость веб-интерфейса микропрограммного обеспечения сетевых устройств хранения данных Seagate GoFlex Home, Medion LifeCloud NAS и Netgear Stora, позволяющая нарушителю повысить свои привилегии
EPSS
9.8 Critical
CVSS3
10 Critical
CVSS2