CVE-2020-6627 (stcg2000300_firmware, stcg3000300_firmware, stcg4000300_firmware)

The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mv_backend_launch in cirrus/application/helpers/mv_backend_helper.php by leveraging the «start» state and sending a check_device_name request.