System Command Injection in Drobo 5N2 NAS Version 4.0.5-13.28.96115 via /DroboAccess/enable_user Endpoint

System Command Injection in Drobo 5N2 NAS Version 4.0.5-13.28.96115 via /DroboAccess/enable_user Endpoint

CVE-2018-14699 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

System command injection in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter.

Learn more about our User Device Pen Test.