CVE-2015-2876

EUVD-2015-2964
Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
Affected Products (NVD)
VendorProductVersion
lacielac9000436u_firmware
𝑥
≤ 2.3.0.014
lacielac9000464u_firmware
𝑥
≤ 2.3.0.014
seagatewireless_mobile_storage
*
seagatewireless_plus_mobile_storage
*
seagategoflex_sattelite
*
𝑥
= Vulnerable software versions
References
https://www.kb.cert.org/vuls/id/903500
https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH
https://www.kb.cert.org/vuls/id/GWAN-A26L3F
https://www.kb.cert.org/vuls/id/903500
https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH
https://www.kb.cert.org/vuls/id/GWAN-A26L3F