Seagate Security Advisories

Thank you for visiting Seagate's Security Advisories Page. Below you will find security updates for its products including Seagate, LaCie and Maxtor.

To submit a new vulnerability to Seagate please email security.reporting@seagate.com with the vulnerability details. PGP public key can be found here.

 

IssueProductsSolutionRelease Date

CVE-2006-7243
CodeIgniter 2.1.0
PHP 5.2.3
and other exploits

Seagate Business Storage NAS Business Storage NAS- Increasing Security 5/1/2015
CVE-2015-2876
CVE-2015-2875
CVE-2015-2874
Seagate Wireless,Wireless Plus and LaCie Fuel Download Finder 9/1/2015

 

Badlock Update:

On Tuesday, April 12, security researchers disclosed specifics of the Badlock vulnerability, and fixes became available from Samba.  In anticipation of this release, Seagate promptly began its investigation and plans to take immediate action in order to secure impacted products.

Seagate does have reason to believe some of its Network Attached Storage (NAS) products are affected by Badlock. Seagate has plans to incorporate the Samba fixes where applicable and will provide firmware updates over the coming weeks following quality testing. Seagate encourages all of its NAS users to protect their devices by observing standard security practices such as ensuring their device is not exposed directly to the internet or other hostile networks, and to follow this web page for further updates.

In the meantime, here are some steps that you can take to help increase the security on your NAS today:

  • Ensure you have the latest updates for your device
  • Protect your device from remote hacking
    Some customers are concerned about the risk of having their NAS remotely hacked through the Internet.
    • Disable UPnP Port Forwarding on the NAS
    • If Port Forwarding was setup manually on the router, please disable the section that contains your NAS
  • Secure Network with Firewall
    Ensure that you have a firewall setup to secure your networkand that it is configured to allow only trusted systems to communicate to the NAS via HTTP and HTTPS.
  • Protect Your Device within Your Local Network or Intranet
    • Physically secure the NAS by ensuring it is stored in room or area where only NAS admins have access to the device.
    • Ensure that you have a firewall setup to secure your network and that it is configured to allow only trusted systems to communicate to the NAS via HTTP and HTTPS.