cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the session_id parameter.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HIomega Storcenter Pro
HWIomegawszystkie wersjeIomega Storcenter Pro Firmware
OSIomegawszystkie wersje
Related vulnerabilities
The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in clearte...
Buffer overflow in jaZip Zip/Jaz drive manager allows local users to gain root privileges via a long DISPLAY e...
The Iomega Home Media Network Hard Drive with EMC Lifeline firmware before 2.104, Home Media Network Hard Driv...
Iomega Network Attached Storage (NAS) A300U, and possibly other models, does not allow the FTP service to be d...
Iomega NAS A300U uses cleartext LANMAN authentication when mounting CIFS/SMB drives, which allows remote attac...