CWE-798: Use of Hard-coded Credentials - CVE-2015-2874

Some Seagate wireless storage products provide undocumented Telnet services accessible by using the default credentials of 'root' as username and the default password.



CWE-425: Direct Request ('Forced Browsing') - CVE-2015-2875



Under a default configuration, some Seagate wireless storage products provide an unrestricted file download capability to anonymous attackers with wireless access to the device. An attacker can directly download files from anywhere on the filesystem.



CWE-434: Unrestricted Upload of File with Dangerous Type - CVE-2015-2876



Under a default configuration, some Seagate wireless storage products provide a file upload capability to anonymous attackers with wireless access to the device's /media/sda2 filesystem. This filesystem is reserved for file-sharing.



These vulnerabilities were confirmed by the reporter as existing in firmware versions 2.2.0.005 and 2.3.0.014, dating to October 2014. Other firmware versions may be affected.



The following devices are impacted by this issue:

Seagate Wireless Plus Mobile Storage



Seagate Wireless Mobile Storage



LaCie FUEL (note that LaCie has been a subsidiary of Seagate since 2012)



Seagate GoFlex Satellite