CVE-2015-2875

Published: Dec 31, 2015Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session.

Affected (5)

Products: Seagate: Goflex Sattelite, Wireless Mobile Storage, Wireless Plus Mobile Storage · Lacie: Lac9000436u Firmware, Lac9000464u Firmware

3 products

Goflex Sattelite

Wireless Mobile Storage

Wireless Plus Mobile Storage

2 products

Lac9000436u Firmware

Lac9000464u Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Seagate Goflex Sattelite	All versions

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Seagate Wireless Mobile Storage	All versions
Seagate Wireless Plus Mobile Storage	All versions

Configuration C

2 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Lacie Lac9000436u Firmware	Up to 2.3.0.014
Lacie Lac9000464u Firmware	Up to 2.3.0.014

Running on/with	Platform Versions
Lacie Lac9000436u	All versions
Lacie Lac9000464u	All versions

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (6)

https://www.kb.cert.org/vuls/id/903500

Source: cret@cert.org

Third Party AdvisoryUS Government Resource

https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH

Source: cret@cert.org

Third Party AdvisoryUS Government Resource

https://www.kb.cert.org/vuls/id/GWAN-A26L3F

Source: cret@cert.org

Third Party AdvisoryUS Government Resource

https://www.kb.cert.org/vuls/id/903500

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://www.kb.cert.org/vuls/id/GWAN-A26L3F

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.