Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Advisory: Seagate NAS Remote Code Execution - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Advisory: Seagate NAS Remote Code Execution

Beyond Binary is reporting a vulnerability affecting Seagate's Business Storage line of NAS devices and possibly other Seagate NAS products. These are fairly common devices in SOHO and even small enterprise applications. 

It appears that a number of OTS components and the custom web application used in the web management interface are out of date and will permit unimpeded access to the administration functions of the device.  It is believe that versions of the firmware up to and including 2014.00319 are vulnerable. 

It appears to be trivial to exploit the devices and a metasploit module and an exploit are publicly available.

It is hoped that if you have one of these devices in your network that you do not have the administration interface accessible on the Internet.  If you do you will want to remove it. You can be sure that the bad guys have started scanning for these devices. At this point no updated firmware is available to resolve this issue.

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - - Twitter:namedeplume (Protected)


324 Posts
ISC Handler
Mar 1st 2015
More information is available at:…

This article describes OJ Reeves of Beyond Binary's attempt to do responsible disclosure with Seagate and Seagate's lack of useful response. Going public with this vulnerability is his attempt at forcing Seagate's hand.

324 Posts
ISC Handler
Thanks for the help, I've looked on many websites but only yours and worked!
1 Posts

Sign Up for Free or Log In to start participating in the conversation!