CERT.org issued a warning related Seagate wireless disk because they include a hidden login, most exactly a Telnet services that is not documented.
This security issue allows anonymous attackers to download every file on the disk.
“Seagate wireless hard-drives provides undocumented Telnet services accessible by using the default credentials of ‘root’ as username and the default password.” States the CERT.
Unfortunately, there are also other problems affecting the devices, another vulnerability affecting the Seagate wireless disk could be exploited to upload any file on the default sharing directory present on the device.
Below the complete list of vulnerabilities affecting the Seagate wireless disks:
CVE-2015-2874, where “Seagate wireless hard-drives provides undocumented Telnet services accessible by using the default credentials of ‘root’ as username and the default password.”
CVE-2015-2875, ” Under a default configuration, Seagate wireless hard-drives provides an unrestricted file download capability to anonymous attackers with wireless access to the device. An attacker can directly download files from anywhere on the file system.”
CVE-2015-2876, “Under a default configuration, Seagate wireless hard-drives provides a file upload capability to anonymous attackers with wireless access to the device’s /media/sda2 filesystem. This filesystem is reserved for the file-sharing.”
The above vulnerabilities can be exploited if the disks are running the firmware versions 2.2.0.005 and 2.3.0.014, dating to October 2014, but versions can be affected by these vulnerabilities as well.
What does that mean for a usual user? These three flaws can be exploited by an attacker on the user’s network (coming from the inside or outside) to access the files on the Seagate wireless disks with a root access which gives him full permissions.
In order to fix the security issued affecting the Seagate wireless disks, Seagate released the firmware version 126.96.36.199 and urges its customers to upload it as soon as possible.
About the Authors Elsio Pinto
(Security Affairs – Seagate wireless disks, hacking)