Vulnerability Details CVE-2018-5347
Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.389
EPSS Ranking 97.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2018-5347
-
cpe:2.3:h:seagate:personal_cloud:-
-
cpe:2.3:o:seagate:personal_cloud_firmware:-