CVE-2015-2876
moderate-risk
Published 2015-12-31
Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session.
Do I need to act?
~
2.0% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
ADJACENT_NETWORK
/ LOW complexity
Affected Products (5)
Lac9000436U Firmware
Wireless Mobile Storage
Wireless Plus Mobile Storage
Lac9000464U Firmware
Goflex Sattelite
References (6)
Third Party Advisory
https://www.kb.cert.org/vuls/id/903500
Third Party Advisory
https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH
Third Party Advisory
https://www.kb.cert.org/vuls/id/GWAN-A26L3F
Third Party Advisory
https://www.kb.cert.org/vuls/id/903500
Third Party Advisory
https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH
Third Party Advisory
https://www.kb.cert.org/vuls/id/GWAN-A26L3F
44
/ 100
moderate-risk
Severity
27/34 · High
Exploitability
5/34 · Minimal
Exposure
12/34 · Low