Tangible Security has discovered critical vulnerabilities in wireless network storage devices made by Seagate.
Three devices – Seagate Wireless Plus Mobile Storage, Seagate Wireless Mobile Storage, and LaCie FUEL – with firmware versions 2.2.0.005 and 2.3.0.014 are vulnerable to three attack vectors.
“With products from large vendors such as Seagate, there tend to be numerous product names for basically the same product under the same vendor’s name or another vendor,” said Tangible Security.
“Tangible Security cannot enumerate all of the named products as well as Seagate. Other named products may be affected.”
The vulnerabilities include the use of hard-coded credentials, direct request, and unrestricted uploading of files with dangerous type.
Seagate has posted firmware updates which patch the vulnerabilities.