Vulnerability Details CVE-2013-6922
Multiple cross-site request forgery (CSRF) vulnerabilities in the Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts via a crafted request to admin/access_control_user_add.php; (2) modify or (3) delete user accounts; (4) perform a factory reset; (5) perform a device reboot; or (6) add, (7) modify, or (8) delete shares and volumes.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.4%
CVSS Severity
CVSS v2 Score 6.8
References
Products affected by CVE-2013-6922
-
cpe:2.3:h:seagate:blackarmor_nas_220:st320005lsa10g-rk
-
cpe:2.3:h:seagate:blackarmor_nas_220:st340005lsa10g-rk
-
cpe:2.3:h:seagate:blackarmor_nas_220:stav6000100
-
cpe:2.3:o:seagate:blackarmor_nas_220_firmware:sg2000-2000.1331