The Seagate BlackArmor network attached storage device contains a static administrator password reset vulnerability.
The Seagate BlackArmor network attached storage device contains a static PHP file used to reset the administrator password. A remote unauthenticated attacker with access to the device's management web server can directly access the page http://DevicesIpAddress/d41d8cd98f00b204e9800998ecf8427e.php and reset the administrator password.
A remote unauthenticated attacker may be able to reset the administrator password of the device.
The vendor has stated that updated firmware addressing this vulnerability has been released. Updated firmware for 1, 2 and 4-bay Seagate BlackArmor devices can be found under the "Downloads" tab on the vendor's support website.
Restrict network access
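One way to check whether the reset page has been requested, and from where, added here as an example that is not part of the original advisory. It assumes requests to the device are recorded in Common Log Format (for instance by a proxy in front of it) and that 192.0.2.0/28 is the management network; the log lines are constructed.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

# Reset page path as given in this advisory.
RESET_PAGE = "/d41d8cd98f00b204e9800998ecf8427e.php"
# Assumption: the only network allowed to reach the management interface.
MGMT_NETS = [ipaddress.ip_network("192.0.2.0/28")]

# Common Log Format: client, timestamp, request line, status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample lines, not taken from a real device.
SAMPLE_LOG = [
    '192.0.2.5 - - [23/May/2012:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '192.0.2.5 - - [23/May/2012:10:02:10 +0000] "GET /d41d8cd98f00b204e9800998ecf8427e.php HTTP/1.1" 200 812',
    '198.51.100.77 - - [23/May/2012:11:15:40 +0000] "POST /%6441d8cd98f00b204e9800998ecf8427e.php?x=1 HTTP/1.1" 200 640',
    '203.0.113.9 - - [23/May/2012:11:20:00 +0000] "GET /./d41d8cd98f00b204e9800998ecf8427e.php HTTP/1.1" 403 199',
]

def normalize(target):
    """Drop the query string, decode %xx, collapse ./ and //, fold case."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def find_reset_requests(lines):
    """Return (timestamp, client, method, status, from_mgmt_net) per hit."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or normalize(m["target"]) != RESET_PAGE:
            continue
        try:
            trusted = any(ipaddress.ip_address(m["ip"]) in n for n in MGMT_NETS)
        except ValueError:
            trusted = False  # client logged as a hostname: treat as outside
        hits.append((m["ts"], m["ip"], m["method"], int(m["status"]), trusted))
    return hits

if __name__ == "__main__":
    for ts, ip, method, status, trusted in find_reset_requests(SAMPLE_LOG):
        origin = "management net" if trusted else "OUTSIDE management net"
        print(f"{ts} {ip} {method} -> {status} ({origin})")
```

A hit from outside the management network that returned status 200 is the case to investigate first; a 403 suggests an access restriction is already in effect for that source.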
Thanks to Jason Ellison for reporting this vulnerability.
This document was written by Michael Orlando.
Date First Published: 2012-05-23
Date Last Updated: 2012-07-18 20:11 UTC