Description
Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session.
References (3)
Core 3
Core References
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/903500
Third Party Advisory, US Government Resource x_refsource_confirm
https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH
Third Party Advisory, US Government Resource x_refsource_confirm
https://www.kb.cert.org/vuls/id/GWAN-A26L3F
Scores
CVSS v3
7.5
EPSS
0.0317
EPSS Percentile
86.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (5)
lacie/lac9000436u_firmware
< 2.3.0.014
lacie/lac9000464u_firmware
< 2.3.0.014
seagate/goflex_sattelite
seagate/wireless_mobile_storage
seagate/wireless_plus_mobile_storage
Published
Dec 31, 2015
Tracked Since
Feb 18, 2026