Seagate Personal Cloud Home Media Storage Devices

A security researcher detected a vulnerability present in Seagate Personal Cloud Home Media Storage devices that impacts the web management interface used to enable user interaction with stored data via a network connection. This vulnerability, if exploited, could allow a threat actor to gain unauthorized access to the network-attached storage device (NAS), alter the root password, and enable remote SSH access. In order to successfully leverage this vulnerability, however, the web interface must be accessed on the same local area network (LAN) as the targeted NAS device. The NJCCIC strongly encourages all Seagate Personal Cloud Home Media Storage users and administrators to update their device firmware to version 4.3.18.0 as soon as possible.