CVE-2012-2283
https://notcve.org/view.php?id=CVE-2012-2283
The Iomega Home Media Network Hard Drive with EMC Lifeline firmware before 2.104, Home Media Network Hard Drive Cloud Edition with EMC Lifeline firmware before 3.2.3.15290, iConnect with EMC Lifeline firmware before 2.5.26.18966, and StorCenter with EMC Lifeline firmware before 2.0.18.23122, 2.1.x before 2.1.42.18967, and 3.x before 3.2.3.15290 allow remote authenticated users to read or modify data on arbitrary remote shares via unspecified vectors. • http://archives.neohapsis.com/archives/bugtraq/2012-08/0056.html •
CVE-2009-2367 – Iomega StorCenter Pro NAS Web Authentication Bypass
https://notcve.org/view.php?id=CVE-2009-2367
cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the session_id parameter. The Iomega StorCenter Pro Network Attached Storage device web interface increments session IDs, allowing for simple brute force attacks to bypass authentication and gain administrative access. • http://osvdb.org/55586 http://secunia.com/advisories/35666 http://trac.metasploit.com/browser/framework3/trunk/modules/auxiliary/admin/http/iomega_storcenterpro_sessionid.rb?rev=6733 https://exchange.xforce.ibmcloud.com/vulnerabilities/51539 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVE-2002-1955
https://notcve.org/view.php?id=CVE-2002-1955
Iomega NAS A300U uses cleartext LANMAN authentication when mounting CIFS/SMB drives, which allows remote attackers to perform a man-in-the-middle attack. • http://archives.neohapsis.com/archives/bugtraq/2002-10/0440.html http://www.iss.net/security_center/static/10523.php http://www.securityfocus.com/bid/6093 •
CVE-2002-1949
https://notcve.org/view.php?id=CVE-2002-1949
The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password. • http://archives.neohapsis.com/archives/bugtraq/2002-10/0440.html http://www.iss.net/security_center/static/10521.php http://www.securityfocus.com/bid/6092 • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2002-1863
https://notcve.org/view.php?id=CVE-2002-1863
Iomega Network Attached Storage (NAS) A300U, and possibly other models, does not allow the FTP service to be disabled, which allows local users to access home directories via FTP even when access to all shared directories has been disabled. • http://archives.neohapsis.com/archives/bugtraq/2002-10/0440.html http://www.iss.net/security_center/static/10530.php •