June 12, 2021

Advisory | Seagate Central Storage Remote Code Execution 0day

After reporting this vulnerability to Seagate, we were very frustrated with the response. They first claimed that “this product was designed and targeted for personal home use within a personal LAN” and thus has no real attack surface. But then we proved otherwise by providing the number of exploitable devices open to the internet using services such as shodan.io and censys.io. But it seems they just don’t care ¯_(ツ)_/¯ We had no expectation of any kind of bounty or points; we just wanted to write a cool blog post. The only reason for using the Bugcrowd platform was that Seagate is only accepting bug reports through an external Bugcrowd submission form.
