漏洞描述
【漏洞对象】Seagate Personal Cloud 【漏洞描述】 Seagate PersonalCloud是一种消费级网络连接存储设备(NAS。结果发现,用于管理NAS的Web应用程序受到各种未经身份验证的信息泄露漏洞的影响。设备配置为信任任何CORS源,可通过personalcloud.local域名访问。 因此,任何网站都可以访问此信息。虽然此信息不允许攻击者破坏NAS,但该信息可用于进行更有针对性的攻击。
希捷私人云盘system.System.get_infos接口-泄漏敏感信息
PoC代码
暂无相关漏洞推荐
- Fortinet FortiWeb /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi 权限绕过漏洞(CVE-2025-64446)
- Optilink 管理系统 /cgi/fsystem/gene.php 命令执行漏洞
- Omnissa Workspace ONE UEM /DevicesGateway/apps/system-app-metadata 目录遍历漏洞(CVE-2025-25231)
- POC CVE-2022-45699: APsystems ECU-R Firmware - Command Injection
- POC azure-apim-system-assigned-identity-unconfigured: Azure API Management Service System-Assigned Managed Identity Not Configured
- POC azure-functionapp-system-assigned-missing: System-Assigned Managed Identities for Azure Functions
- POC baiteng-customer-relationship-system-weak-password: 百腾客户关系系统弱口令
- POC dlink-sharecenter-dns-320-rce: D-Link ShareCenter DNS-320 system_mgr.cgi 远程命令执行漏洞
- POC e-learning-system-authentication-bypass-rce: E-Learning System 1.0 - Authentication Bypass
- POC k8s-readonly-fs: Enforce Read-Only Filesystem for Containers
- POC k8s-readonly-rootfs: Pods with read-only root filesystem
- POC jinpan-weichatcfg-disclosure: 金盘微信管理平台 getsysteminfo信息泄露
- POC landray-ekp-sysFormMainDataInsystemWebservice-fileread: Landray EKP sysFormMainDataInsystemWebservice File Read