Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-12296 PoC — Seagate NAS OS 访问控制错误漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-12296.yaml
Associated Vulnerability
Title:Seagate NAS OS 访问控制错误漏洞 (CVE-2018-12296)
Description:Seagate NAS OS是美国希捷(Seagate)公司的一套NAS(网络附属存储)操作系统。 Seagate NAS OS 4.3.15.1文件中的 /api/external/7.0/system.System.get_infos存在访问控制错误漏洞。该漏洞源于网络系统或产品未正确限制来自未授权角色的资源访问。
Description
Seagate NAS OS version 4.3.15.1 has insufficient access control which allows attackers to obtain information about the NAS without authentication via empty POST requests in /api/external/7.0/system.System.get_infos.
File Snapshot

 id: CVE-2018-12296

info:
  name: Seagate NAS OS 4.3.15.1 - Server Information Disclosure
  author: 

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.