CVE-2014-8687

CRITICAL

Seagate Business NAS <2015.00322 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2014-8687. PoCs published by Metasploit, OJ Reeves, including Metasploit module exploits/linux/http/seagate_nas_php_exec_noauth.

AI-analyzed exploit summary This Metasploit module exploits an unauthenticated remote command execution vulnerability in Seagate Business NAS devices via a local file inclusion vulnerability in the CodeIgniter session cookie. It manipulates the session cookie to gain admin privileges and then injects a PHP payload to achieve remote code execution.

Description

Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotephp
https://www.exploit-db.com/exploits/36264

This Metasploit module exploits an unauthenticated remote command execution vulnerability in Seagate Business NAS devices via a local file inclusion vulnerability in the CodeIgniter session cookie. It manipulates the session cookie to gain admin privileges and then injects a PHP payload to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Seagate Business NAS (STBN300)
No auth needed
Prerequisites: Network access to the target device · Target device must be running vulnerable firmware
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by OJ Reeves · pythonwebappshardware
https://www.exploit-db.com/exploits/36202

This exploit targets a pre-authentication remote code execution vulnerability in Seagate Business NAS devices. It leverages a session manipulation flaw to execute arbitrary commands as root, either by installing a webshell or generating an admin session cookie.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Seagate Business NAS (pre-authentication)
No auth needed
Prerequisites: Network access to the target NAS device · Target device must be running vulnerable firmware
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
rubypocphp
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/seagate_nas_php_exec_noauth.rb

This Metasploit module exploits an unauthenticated remote command execution vulnerability in Seagate Business NAS devices via a local file inclusion flaw in the CodeIgniter session cookie's language parameter. It decrypts the session cookie, modifies it to gain admin privileges, and injects a PHP payload to achieve RCE.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Seagate Business NAS (STBN300 and others)
No auth needed
Prerequisites: Network access to the target device · CodeIgniter session cookie with known XOR key
devstral-2 · analyzed Apr 23, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory x_refsource_misc
https://beyondbinary.io/articles/seagate-nas-rce/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/72831
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/36202/
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/36264/

Scores

CVSS v3 9.8
EPSS 0.4987
EPSS Percentile 97.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-327
Status published
Products (1)
seagate/business_nas_firmware 2014.00319
Published Jun 08, 2017
Tracked Since Feb 18, 2026