Nice Seagate wireless hard drive you have there. Shame if anybody on your network had full access to it. Unfortunately, that's exactly what can happen, thanks to vulnerabilities found in some models of the company's external hard drives. A CERT report details the problem, which affects Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and Seagate-powered LaCie Fuel drives.
First and foremost, these drives have "undocumented Telnet services" enabled by default, which can be accessed with the "root" username and a default password. That's enough for anyone on the same network as the drives to gain what is likely system-level access. Attackers could siphon off any or all of the data on the drives, and perhaps plant some neat booby traps or files of their own.
The problems don't end there, though. The drives in question don't fully validate user authorization when browsing files, granting "unrestricted file download capability" to anonymous users on the network. There's an upload vulnerability, as well: with the default configuration, attackers can upload anything they wish to the drives' file sharing partition.
The report indicates that firmware versions 2.2.0.005 and 2.3.0.014 on the above drives are affected, and it doesn't exclude the possibility that other versions may also be vulnerable.
|Razer Kiyo and Seiren X set the stage for streaming excellence||11|
|MSI Cubi 3 Silent and Silent S can be seen but not heard||9|
|Massdrop's Vast 35" VA display lives up to its name||23|
|Spitballing the performance of Nvidia's purported GTX 1070 Ti||17|
|Friday deals: a huge monitor, racing gear, audio, and more||19|
|G.Skill 3800 MT/s SO-DIMMs put lightning in tiny bottles||8|
|Cooler Master bedazzles the MasterLiquid Lite ML120L and ML240L||3|
|Razer Electra V2 offers affordable immersion||6|
|Samsung 360 Round camera captures the world from all angles||11|