CVE-2015-2875

HIGH

Seagate - Path Traversal

Title source: llm
STIX 2.1

Description

Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session.

References (3)

Core 3
Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/903500
Third Party Advisory, US Government Resource x_refsource_confirm
https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH
Third Party Advisory, US Government Resource x_refsource_confirm
https://www.kb.cert.org/vuls/id/GWAN-A26L3F

Scores

CVSS v3 7.5
EPSS 0.0317
EPSS Percentile 86.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (5)
lacie/lac9000436u_firmware < 2.3.0.014
lacie/lac9000464u_firmware < 2.3.0.014
seagate/goflex_sattelite
seagate/wireless_mobile_storage
seagate/wireless_plus_mobile_storage
Published Dec 31, 2015
Tracked Since Feb 18, 2026