ID
VAR-201802-0134
CVE
CVE-2014-3205
TITLE
BlackArmor NAS Vulnerabilities related to the use of hard-coded credentials
Trust: 0.8
DESCRIPTION
backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user. BlackArmor NAS Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The SeagateBlackArmorNAS is a network storage server from Seagate, Inc. that provides layered protection, data incremental and system backup, recovery, and more for business-critical data. A security vulnerability exists in the backupmgt/pre_connect_check.php file in SeagateBlackArmorNAS, which was caused by the program using a hard-coded password \342\200\230!~@##$$%FREDESWWSED\342\200\231. There are currently no detailed vulnerability descriptions. A remote attacker can exploit this vulnerability to gain root privileges on the device
Trust: 2.34
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | seagate | model: | blackarmor nas 220 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | seagate | model: | blackarmor nas 110 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | seagate | model: | blackarmor nas | scope: | - | version: | - | Trust: 0.8 |
| vendor: | seagate | model: | technology llc blackarmor nas | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-798 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
lack of information
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | トップページ | url: | http://www.nexty-ele.com/product/detail/seagate-technology-llc/ | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2014-3205 | Trust: 3.2 |
| db: | EXPLOIT-DB | id: | 33159 | Trust: 2.4 |
| db: | JVNDB | id: | JVNDB-2014-008528 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2018-05857 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201802-609 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-71144 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2014-3205 | Trust: 0.1 |
REFERENCES
| url: | https://www.exploit-db.com/exploits/33159/ | Trust: 2.4 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3205 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2014-3205 | Trust: 0.8 |
| url: | https://cwe.mitre.org/data/definitions/798.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
SOURCES
| db: | CNVD | id: | CNVD-2018-05857 |
| db: | VULHUB | id: | VHN-71144 |
| db: | VULMON | id: | CVE-2014-3205 |
| db: | JVNDB | id: | JVNDB-2014-008528 |
| db: | CNNVD | id: | CNNVD-201802-609 |
| db: | NVD | id: | CVE-2014-3205 |
LAST UPDATE DATE
2024-11-23T22:07:00.164000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2018-05857 | date: | 2018-03-21T00:00:00 |
| db: | VULHUB | id: | VHN-71144 | date: | 2018-03-18T00:00:00 |
| db: | VULMON | id: | CVE-2014-3205 | date: | 2018-03-18T00:00:00 |
| db: | JVNDB | id: | JVNDB-2014-008528 | date: | 2018-04-09T00:00:00 |
| db: | CNNVD | id: | CNNVD-201802-609 | date: | 2018-08-23T00:00:00 |
| db: | NVD | id: | CVE-2014-3205 | date: | 2024-11-21T02:07:40.513 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2018-05857 | date: | 2018-03-21T00:00:00 |
| db: | VULHUB | id: | VHN-71144 | date: | 2018-02-23T00:00:00 |
| db: | VULMON | id: | CVE-2014-3205 | date: | 2018-02-23T00:00:00 |
| db: | JVNDB | id: | JVNDB-2014-008528 | date: | 2018-04-09T00:00:00 |
| db: | CNNVD | id: | CNNVD-201802-609 | date: | 2018-02-26T00:00:00 |
| db: | NVD | id: | CVE-2014-3205 | date: | 2018-02-23T17:29:00.333 |