CVE-2018-14705

Published: Feb 24, 2020

Modified: Aug 5, 2024

PUBLISHED

Description

In Drobo 5N2 4.0.5, all optional applications lack any form of authentication/authorization validation. As a result, any user capable of accessing the device over the network may interact with and control these applications. This not only poses a severe risk to the availability of these applications, but also poses severe risks to the confidentiality and integrity of data stored within the applications and the device itself.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc

x_refsource_MISC

https://www.ise.io/casestudies/sohopelessly-broken-2-0/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-14705

Description

Affected Products

References