Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Seagate Personal Cloud Seagate Media Server 命令注入漏洞
Vulnerability Description
Seagate Personal Cloud是美国希捷(Seagate)公司的一款个人云存储设备。Seagate Media Server是其中的一个媒体服务器。 Seagate Personal Cloud中的Seagate Media Server的‘uploadTelemetry’和‘getLogs’函数存在命令注入漏洞,该漏洞源于程序使用fastcgi.server组件处理.psp URLs,并且没有正确的处理shell元字符。攻击者可利用该漏洞以root权限执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A