0day in Seagate NAS devices
Beyond Binary has published a 0day report that affects NAS devices from Seagate. The vulnerability allows unauthenticated attackers to perform remote code execution, provided that they are located in the same network segment as the device. Data from Shodan shows that this vulnerability affects to at least 2,500 devices. According to Beyond Binary, the vulnerability was reported to Seagate, and has been published after the 100 days period initially established for public disclosure.
Seagate acknowledges NAS 0-day, announces patch for May.
References:
- 01/03/2015 isc.sans.edu Advisory: Seagate NAS Remote Code Execution
- 02/03/2015 securityaffairs.co Seagate NAS affected by a Remote Code Execution zero-day vulnerability
- 02/03/2015 securityweek.com Seagate Business NAS Flaws Allow Remote Code Execution: Researchers
- 09/03/2015 net-security.org Seagate acknowledges NAS 0-day, announces patch for May
Tags: