Stealing all files from Seagate wireless disks is too easy

Computer Forensics
Tools

The CERT_org issued an alert on Seagate wireless disks because they contain multiple flaws that could be exploited to download their entire content.
CERT.org issued a warning related Seagate wireless disk because they include a hidden login, most exactly a Telnet services that is not documented.

This security issue allows anonymous attackers to download every file on the disk.

"Seagate wireless hard-drives provides undocumented Telnet services accessible by using the default credentials of 'root' as username and the default password." States the CERT.
Unfortunately, there are also other problems affecting the devices, another vulnerability affecting the Seagate wireless disk could be exploited to upload any file on the default sharing directory present on the device.

Seagate wireless disks 2

Below the complete list of vulnerabilities affecting the Seagate wireless disks:

CVE-2015-2874, where "Seagate wireless hard-drives provides undocumented Telnet services accessible by using the default credentials of 'root' as username and the default password."

CVE-2015-2875, " Under a default configuration, Seagate wireless hard-drives provides an unrestricted file download capability to anonymous attackers with wireless access to the device. An attacker can directly download files from anywhere on the file system."

CVE-2015-2876, "Under a default configuration, Seagate wireless hard-drives provides a file upload capability to anonymous attackers with wireless access to the device's /media/sda2 filesystem. This filesystem is reserved for the file-sharing."

The above vulnerabilities can be exploited if the disks are running the firmware versions 2.2.0.005 and 2.3.0.014, dating to October 2014, but versions can be affected by these vulnerabilities as well.

What does that mean for a usual user? These three flaws can be exploited by an attacker on the user's network (coming from the inside or outside) to access the files on the Seagate wireless disks with a root access which gives him full permissions.

In order to fix the security issued affecting the Seagate wireless disks, Seagate released the firmware version 3.4.1.105 and urges its customers to upload it as soon as possible.

Advertise your events and products at CISSP.COM

We Recommend

 

 







We use cookies to maintain login sessions, analytics and to improve your experience on our website. By continuing to use our site, you accept our use of cookies, Terms of Use.