Every CVE whose affected-product data names Drobo 5n2 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2018-14708 — CVSS 9.8 (critical): An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network…
CVE-2018-14703 — CVSS 9.8 (critical): Incorrect access control in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated…
CVE-2018-14706 — CVSS 9.8 (critical): System command injection in the /DroboPix/api/drobopix/demo endpoint on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated…
CVE-2018-14705 — CVSS 9.8 (critical): In Drobo 5N2 4.0.5, all optional applications lack any form of authentication/authorization validation. As a result, any user capable of…
CVE-2018-14699 — CVSS 9.8 (critical): System command injection in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated…
CVE-2018-14709 — CVSS 9.8 (critical): Incorrect access control in the Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to bypass authentication due to…
CVE-2018-14701 — CVSS 9.8 (critical): System command injection in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated…
CVE-2018-14702 — CVSS 7.5 (high): Incorrect access control in the /drobopix/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated…
CVE-2018-14696 — CVSS 7.5 (high): Incorrect access control in the /mysql/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers…
CVE-2018-14700 — CVSS 7.5 (high): Incorrect access control in the /mysql/api/logfile.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers…
CVE-2018-14695 — CVSS 7.5 (high): Incorrect access control in the /mysql/api/diags.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers…
CVE-2018-14707 — CVSS 7.5 (high): Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to upload…
CVE-2018-14697 — CVSS 6.1 (medium): Cross-site scripting in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute…
CVE-2018-14698 — CVSS 6.1 (medium): Cross-site scripting in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute…
CVE-2018-14704 — CVSS 6.1 (medium): Cross-site scripting in the MySQL API error page in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via a…