Remote code execution vulnerabilities in Seagate Business NAS firmware were disclosed after a 100-plus day deadline passed without a fix from the vendor. The issue stems from a number of outdated components upon which the NAS products web-based management application is built. A Shodan scan shows 2,500 vulnerable devices on the Internet, Beyond Binary said. Seagate is urging customers to ensure those boxes are not reachable online and are operating behind a firewall internally. A request for comment from Seagate went unanswered prior to publication.
Source: https://threatpost.com/seagate-business-nas-firmware-vulnerabilities-disclosed/111337/