cbcvebase.
CVE-2015-2876
published 2015-12-31

CVE-2015-2876: Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL…

PriorityP353high8.8CVSS 3.0
AVAACLPRNUINSUCHIHAH
EPSS
2.77%
84.5th percentile
Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session.

Affected

2 ranges
VendorProductVersion rangeFixed in
lacielac9000436u_firmware<= 2.3.0.014
lacielac9000464u_firmware<= 2.3.0.014

CVSS provenance

nvdv3.08.8HIGHCVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.08.3HIGHAV:A/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.