CVE-2014-8684

CRITICAL

CodeIgniter <3.0 & Kohana 3.2.3-3.3.2 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-8684. Includes Metasploit module exploits/linux/http/seagate_nas_php_exec_noauth.

AI-analyzed exploit summary: This Metasploit module exploits an unauthenticated remote command execution vulnerability in Seagate Business NAS devices via a local file inclusion flaw in the CodeIgniter session cookie's language parameter. It decrypts the session cookie, modifies it to gain admin privileges, and injects a PHP payload to achieve RCE.

Description

CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes.

Exploits (2)

metasploit · WORKING POC · NORMAL
ruby · poc · php
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/seagate_nas_php_exec_noauth.rb

This Metasploit module exploits an unauthenticated remote command execution vulnerability in Seagate Business NAS devices via a local file inclusion flaw in the CodeIgniter session cookie's language parameter. It decrypts the session cookie, modifies it to gain admin privileges, and injects a PHP payload to achieve RCE.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Seagate Business NAS (STBN300 and others)
No auth needed
Prerequisites: Network access to the target device · PHP and CodeIgniter session cookie manipulation
devstral-2 · analyzed Apr 23, 2026
exploitdb · WORKING POC
ruby · remote · php
https://www.exploit-db.com/exploits/36264

This Metasploit module exploits an unauthenticated remote command execution vulnerability in Seagate Business NAS devices via a local file inclusion flaw in the CodeIgniter session cookie's language parameter. It decrypts the session cookie, modifies it to gain admin privileges, and uploads a PHP payload to achieve RCE.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Seagate Business NAS (STBN300)
No auth needed
Prerequisites: Network access to the target device · Target device must be vulnerable (CVE-2014-8684)
devstral-2 · analyzed Feb 19, 2026

References (4)

Core References
Mailing List, Third Party Advisory (x_refsource_fulldisc): http://seclists.org/fulldisclosure/2014/May/54
Third Party Advisory (x_refsource_confirm): https://github.com/kohana/core/pull/492

Scores

CVSS v3 9.8
EPSS 0.4485
EPSS Percentile 97.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-310
Status published
Products (6)
codeigniter/codeigniter < 2.2.6
codeigniter/framework 0 - 3.0.0 (Packagist)
kohana/core 0 - 3.3.3 (Packagist)
kohanaframework/kohana 3.2.3
kohanaframework/kohana 3.3.0
kohanaframework/kohana 3.3.1
Published Sep 19, 2017
Tracked Since Feb 18, 2026