Insufficient Access Control in Seagate NAS OS 4.3.15.1 Allows Unauthorized Information Retrieval via Empty POST Requests

Insufficient Access Control in Seagate NAS OS 4.3.15.1 Allows Unauthorized Information Retrieval via Empty POST Requests

CVE-2018-12296 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Insufficient access control in /api/external/7.0/system.System.get_infos in Seagate NAS OS version 4.3.15.1 allows attackers to obtain information about the NAS without authentication via empty POST requests.

Learn more about our Api Penetration Testing.