CVE-2018-5347

CVE: CVE-2018-5347
Published: 2018-01-12T01:29Z
Vendor: seagate
Products: personal_cloud_firmware
Versions: -,
Description Language: en
Description: Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled.
References:

SSD Advisory – Seagate Personal Cloud Multiple Vulnerabilities


https://www.exploit-db.com/exploits/43659/