BRiT Posted September 8, 2015 Share Posted September 8, 2015 http://betanews.com/2015/09/07/time-to-patch-your-firmware-backdoor-discovered-into-seagate-nas-drives/ Researchers at Tangible Security have discovered a series of vulnerabilities in a number of devices produced by Seagate that could allow unauthorized access to files and settings. An undocumented Telnet feature could be used to gain control of the device by using the username 'root' and the hardcoded default password. There are also other vulnerabilities that allow for unauthorized browsing and downloading of files, as well as permitting malicious files to be uploaded. Tangible Security says that Seagate Wireless Plus Mobile Storage, Seagate Wireless Mobile Storage, and LaCie FUEL drives are affected, but there may also be others. The security issues are confirmed to exist with firmware versions 2.2.0.005 to 2.3.0.014. The problems were discovered way back in March, but a patch has only recently been published, along with an advisory notice from US CERT. Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.