Vulnerability Description
Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lacie | Lac9000436U | All versions |
| Lacie | Lac9000464U | All versions |
| Lacie | Lac9000436U Firmware | <= 2.3.0.014 |
| Lacie | Lac9000464U Firmware | <= 2.3.0.014 |
| Seagate | Wireless Mobile Storage | All versions |
| Seagate | Wireless Plus Mobile Storage | All versions |
| Seagate | Goflex Sattelite | All versions |
References
- https://www.kb.cert.org/vuls/id/903500Third Party AdvisoryUS Government Resource
- https://www.kb.cert.org/vuls/id/GWAN-9ZGTUHThird Party AdvisoryUS Government Resource
- https://www.kb.cert.org/vuls/id/GWAN-A26L3FThird Party AdvisoryUS Government Resource
- https://www.kb.cert.org/vuls/id/903500Third Party AdvisoryUS Government Resource
- https://www.kb.cert.org/vuls/id/GWAN-9ZGTUHThird Party AdvisoryUS Government Resource
- https://www.kb.cert.org/vuls/id/GWAN-A26L3FThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2015-2876?
CVE-2015-2876 is a vulnerability with a CVSS score of 8.8 (HIGH). Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows ...
How severe is CVE-2015-2876?
CVE-2015-2876 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-2876?
Check the references section above for vendor advisories and patch information. Affected products include: Lacie Lac9000436U, Lacie Lac9000464U, Lacie Lac9000436U Firmware, Lacie Lac9000464U Firmware, Seagate Wireless Mobile Storage.