Advisory | Seagate Central Storage Remote Code Execution 0day
After reporting this vulnerability to Seagate, we were very frustrated with the response. They first claimed that “this product was designed and targeted for personal home use within a personal LAN” and thus has no real attack surface. But then we proved otherwise by providing the number of exploitable devices open to the internet, using services such as shodan.io and censys.io. But it seems they just don’t care ¯_(ツ)_/¯ We had no expectation of any kind of bounty or points; we just wanted to write a cool blog post. The only reason for using the Bugcrowd platform was that Seagate is only accepting bug reports by an external Bugcrowd submission form.