CVE-2020-6627

CVSS V2 None CVSS V3 None
Description
The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mv_backend_launch in cirrus/application/helpers/mv_backend_helper.php by leveraging the "start" state and sending a check_device_name request.
Overview
  • CVE ID
  • CVE-2020-6627
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-12-06T15:15:15
  • Last Modified Date
  • 2022-12-07T19:54:11
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:seagate:stcg2000300_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:seagate:stcg2000300:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:seagate:stcg3000300_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:seagate:stcg3000300:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:seagate:stcg4000300_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:seagate:stcg4000300:-:*:*:*:*:*:*:* 0 OR
History
Created Old Value New Value Data Type Notes
2022-12-07 18:06:49 Added to TrackCVE
2022-12-07 19:15:40 2022-12-06T15:15:15.730 2022-12-06T15:15:15 CVE Published Date updated
2022-12-07 19:15:40 2022-12-06T15:35:41 CVE Modified Date updated
2022-12-07 19:15:40 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2022-12-07 20:17:00 2022-12-07T19:54:11 CVE Modified Date updated
2022-12-07 20:17:00 Undergoing Analysis Analyzed Vulnerability Status updated
2022-12-07 20:17:00 CWE-78 Weakness Enumeration new
2022-12-07 20:17:01 CPE Information updated