← Back

Personal Cloud Firmware

personal_cloud_firmware

Vendor: Seagate • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2017-18263
1Seagate
1Personal Cloud Firmware
Nov 21, 2024
Apr 28, 2018
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url.
CVE-2018-5347
1Seagate
1Personal Cloud Firmware
Nov 21, 2024
Jan 12, 2018
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metach...Show more
Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled.Show less