Insufficient Access Control in Seagate NAS OS 4.3.15.1 Allows Unauthorized Information Retrieval via Empty POST Requests
CVE-2018-12296 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
Insufficient access control in /api/external/7.0/system.System.get_infos in Seagate NAS OS version 4.3.15.1 allows attackers to obtain information about the NAS without authentication via empty POST requests.
Learn more about our Api Penetration Testing.