drobo 5n2_firmware CVE Vulnerabilities (15)

CVEs: 15 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting drobo 5n2_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 115 of 15 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2018-14705 In Drobo 5N2 4.0.5, all optional applications lack any form of authentication/authorization validation. As a result, any user capable of accessing the device over the network may interact with and control these applications. This not only poses a severe risk to the availability of these applications, but also poses severe risks to the confidentiality and integrity of data stored within the applications and the device itself. [email protected] 9.8 1.85% 2020-02-24 2026-06-16
CVE-2018-14709 Incorrect access control in the Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to bypass authentication due to insecure token generation. [email protected] 9.8 1.91% 2018-12-03 2026-06-16
CVE-2018-14708 An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic. [email protected] 9.8 1.27% 2018-12-03 2026-06-16
CVE-2018-14707 Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to upload files to arbitrary locations. [email protected] 7.5 27.82% 2018-12-03 2026-06-16
CVE-2018-14706 System command injection in the /DroboPix/api/drobopix/demo endpoint on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the payload in a POST request. [email protected] 9.8 17.11% 2018-12-03 2026-06-16
CVE-2018-14704 Cross-site scripting in the MySQL API error page in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via a malformed URL path. [email protected] 6.1 0.71% 2018-12-03 2026-06-16
CVE-2018-14703 Incorrect access control in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve the MySQL database root password. [email protected] 9.8 1.34% 2018-12-03 2026-06-16
CVE-2018-14702 Incorrect access control in the /drobopix/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information. [email protected] 7.5 1.31% 2018-12-03 2026-06-16
CVE-2018-14701 System command injection in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter. [email protected] 9.8 19.99% 2018-12-03 2026-06-16
CVE-2018-14700 Incorrect access control in the /mysql/api/logfile.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve MySQL log files via the "name" URL parameter. [email protected] 7.5 1.31% 2018-12-03 2026-06-16
CVE-2018-14699 System command injection in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter. [email protected] 9.8 29.40% 2018-12-03 2026-06-16
CVE-2018-14698 Cross-site scripting in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the "username" URL parameter. [email protected] 6.1 0.71% 2018-12-03 2026-06-16
CVE-2018-14697 Cross-site scripting in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the username URL parameter. [email protected] 6.1 0.71% 2018-12-03 2026-06-16
CVE-2018-14696 Incorrect access control in the /mysql/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information. [email protected] 7.5 1.31% 2018-12-03 2026-06-16
CVE-2018-14695 Incorrect access control in the /mysql/api/diags.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve diagnostic information via the "name" URL parameter. [email protected] 7.5 1.31% 2018-12-03 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence