Seagate Central unauthenticated file upload

Added: 06/09/2015

Background

Seagate Central is a personal cloud storage device which can be connected to a wireless router.

Problem

Seagate Central has no root password, allowing unauthenticated users to upload arbitrary files via PHP. This can be leveraged to execute arbitrary commands by uploading PHP scripts to the web document root.

Resolution

Block access to the Seagate Central device at the firewall.

References

https://www.exploit-db.com/exploits/37184/

Limitations

The exploit creates the file /cirrus/shell.php, which should be manually removed from the web document root after exploitation.