CVE-2017-18263
HIGHSeagate Personal Cloud Firmware < 4.3.18.4 - Path Traversal via getPhotoPlaylistPhotos.psp URL Parameter
Title source: llmDescription
Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://sumofpwn.nl/advisory/2017/seagate-media-server-path-traversal-vulnerability.html
Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/147274/Seagate-Media-Server-Path-Traversal.html
Scores
CVSS v3
7.5
EPSS
0.0369
EPSS Percentile
88.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
seagate/personal_cloud_firmware
< 4.3.18.4
Published
Apr 28, 2018
Tracked Since
Feb 18, 2026