Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Drobo Subscribe
Filtered by product 5n2

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-14709 1 Drobo 2 5n2, 5n2 Firmware 2020-03-13 5.0 MEDIUM 9.8 CRITICAL
Incorrect access control in the Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to bypass authentication due to insecure token generation.
CVE-2018-14701 1 Drobo 2 5n2, 5n2 Firmware 2020-03-13 7.5 HIGH 9.8 CRITICAL
System command injection in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter.
CVE-2018-14705 1 Drobo 2 5n2, 5n2 Firmware 2020-03-02 10.0 HIGH 9.8 CRITICAL
In Drobo 5N2 4.0.5, all optional applications lack any form of authentication/authorization validation. As a result, any user capable of accessing the device over the network may interact with and control these applications. This not only poses a severe risk to the availability of these applications, but also poses severe risks to the confidentiality and integrity of data stored within the applications and the device itself.
CVE-2018-14699 1 Drobo 2 5n2, 5n2 Firmware 2019-10-03 7.5 HIGH 9.8 CRITICAL
System command injection in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter.
CVE-2018-14706 1 Drobo 2 5n2, 5n2 Firmware 2019-10-03 10.0 HIGH 9.8 CRITICAL
System command injection in the /DroboPix/api/drobopix/demo endpoint on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the payload in a POST request.
CVE-2018-14703 1 Drobo 2 5n2, 5n2 Firmware 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
Incorrect access control in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve the MySQL database root password.
CVE-2018-14708 1 Drobo 2 5n2, 5n2 Firmware 2019-02-05 7.5 HIGH 9.8 CRITICAL
An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic.