Seagate: >> Personal Cloud Firmware Security Vulnerabilities
Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url.
CVSS Score
7.5
EPSS Score
0.058
Published
2018-04-28
Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled.
CVSS Score
9.8
EPSS Score
0.389
Published
2018-01-12