Full title: Seagate Central Remote Root Exploit 
Category: remote exploits
Platform: hardware
Seagate Central by default has a passwordless root account (and no option to change it). This exploit logs into the ftp server and uploads a php shell to the webroot. From there, the uploaded shell can execute commands with root privileges as lighttpd.

# 0day.today @ http://0day.today/