Note:
This project will be discontinued after December 13, 2021. [more]
Product:
5n2_firmware
(Drobo)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 15 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-12-03 | CVE-2018-14699 | System command injection in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter. | 5n2_firmware | 9.8 | ||
| 2018-12-03 | CVE-2018-14698 | Cross-site scripting in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the "username" URL parameter. | 5n2_firmware | 6.1 | ||
| 2018-12-03 | CVE-2018-14697 | Cross-site scripting in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the username URL parameter. | 5n2_firmware | 6.1 | ||
| 2018-12-03 | CVE-2018-14696 | Incorrect access control in the /mysql/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information. | 5n2_firmware | 7.5 | ||
| 2018-12-03 | CVE-2018-14695 | Incorrect access control in the /mysql/api/diags.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve diagnostic information via the "name" URL parameter. | 5n2_firmware | 7.5 |