Drobo 5N2 Firmware Security Vulnerabilities
Cross-site scripting in the MySQL API error page in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via a malformed URL path.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-12-03
System command injection in the /DroboPix/api/drobopix/demo endpoint on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the payload in a POST request.
CVSS Score: 9.8 | EPSS Score: 0.639 | Published: 2018-12-03
Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to upload files to arbitrary locations.
CVSS Score: 7.5 | EPSS Score: 0.108 | Published: 2018-12-03
An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2018-12-03
Incorrect access control in the Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to bypass authentication due to insecure token generation.
CVSS Score: 9.8 | EPSS Score: 0.006 | Published: 2018-12-03


Shodan ® - All rights reserved