Vulnerabilites related to western_digital - my_cloud_ex2_ultra
CVE-2019-9951 (GCVE-0-2019-9951)
Vulnerability from cvelistv5
Published
2019-04-24 17:26
Modified
2024-08-04 22:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page web/jquery/uploader/uploadify.php can be accessed without any credentials, and allows uploading arbitrary files to any location on the attached storage.
References
| ▼ | URL | Tags |
|---|---|---|
| https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-174-3-26-19/235932 | x_refsource_CONFIRM | |
| https://support.wdc.com/downloads.aspx?g=2702&lang=en | x_refsource_CONFIRM | |
| https://bnbdr.github.io/posts/wd/ | x_refsource_MISC | |
| https://github.com/bnbdr/wd-rce/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:08.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-174-3-26-19/235932"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.wdc.com/downloads.aspx?g=2702\u0026lang=en"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bnbdr.github.io/posts/wd/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bnbdr/wd-rce/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page web/jquery/uploader/uploadify.php can be accessed without any credentials, and allows uploading arbitrary files to any location on the attached storage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-28T17:40:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-174-3-26-19/235932"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.wdc.com/downloads.aspx?g=2702\u0026lang=en"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bnbdr.github.io/posts/wd/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bnbdr/wd-rce/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page web/jquery/uploader/uploadify.php can be accessed without any credentials, and allows uploading arbitrary files to any location on the attached storage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-174-3-26-19/235932",
"refsource": "CONFIRM",
"url": "https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-174-3-26-19/235932"
},
{
"name": "https://support.wdc.com/downloads.aspx?g=2702\u0026lang=en",
"refsource": "CONFIRM",
"url": "https://support.wdc.com/downloads.aspx?g=2702\u0026lang=en"
},
{
"name": "https://bnbdr.github.io/posts/wd/",
"refsource": "MISC",
"url": "https://bnbdr.github.io/posts/wd/"
},
{
"name": "https://github.com/bnbdr/wd-rce/",
"refsource": "MISC",
"url": "https://github.com/bnbdr/wd-rce/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9951",
"datePublished": "2019-04-24T17:26:16",
"dateReserved": "2019-03-23T00:00:00",
"dateUpdated": "2024-08-04T22:10:08.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17153 (GCVE-0-2018-17153)
Vulnerability from cvelistv5
Published
2018-09-18 00:00
Modified
2024-08-05 10:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user's IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user's IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called "cgi_get_ipv6" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter "flag" with the value "1" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:39:59.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105359",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105359"
},
{
"tags": [
"x_transferred"
],
"url": "https://securify.nl/nl/advisory/SFY20180102/authentication-bypass-vulnerability-in-western-digital-my-cloud-allows-escalation-to-admin-privileges.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.wdc.com/knowledgebase/answer.aspx?ID=25952"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/173802/Western-Digital-MyCloud-Unauthenticated-Command-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user\u0027s IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user\u0027s IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called \"cgi_get_ipv6\" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter \"flag\" with the value \"1\" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-28T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "105359",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/105359"
},
{
"url": "https://securify.nl/nl/advisory/SFY20180102/authentication-bypass-vulnerability-in-western-digital-my-cloud-allows-escalation-to-admin-privileges.html"
},
{
"url": "https://support.wdc.com/knowledgebase/answer.aspx?ID=25952"
},
{
"url": "http://packetstormsecurity.com/files/173802/Western-Digital-MyCloud-Unauthenticated-Command-Injection.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17153",
"datePublished": "2018-09-18T00:00:00",
"dateReserved": "2018-09-18T00:00:00",
"dateUpdated": "2024-08-05T10:39:59.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18931 (GCVE-0-2019-18931)
Vulnerability from cvelistv5
Published
2019-11-13 15:34
Modified
2024-08-05 02:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via crafted GET/POST parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/DelspoN/CVE/tree/master/CVE-2019-18931 | x_refsource_MISC | |
| https://github.com/DelspoN/CVE/blob/master/CVE-2019-18931/description.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/DelspoN/CVE/tree/master/CVE-2019-18931"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/DelspoN/CVE/blob/master/CVE-2019-18931/description.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via crafted GET/POST parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-13T15:34:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/DelspoN/CVE/tree/master/CVE-2019-18931"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/DelspoN/CVE/blob/master/CVE-2019-18931/description.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via crafted GET/POST parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/DelspoN/CVE/tree/master/CVE-2019-18931",
"refsource": "MISC",
"url": "https://github.com/DelspoN/CVE/tree/master/CVE-2019-18931"
},
{
"name": "https://github.com/DelspoN/CVE/blob/master/CVE-2019-18931/description.txt",
"refsource": "MISC",
"url": "https://github.com/DelspoN/CVE/blob/master/CVE-2019-18931/description.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18931",
"datePublished": "2019-11-13T15:34:46",
"dateReserved": "2019-11-12T00:00:00",
"dateUpdated": "2024-08-05T02:02:39.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18930 (GCVE-0-2019-18930)
Vulnerability from cvelistv5
Published
2019-11-13 15:47
Modified
2024-08-05 02:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest account) to remotely execute arbitrary code via a stack-based buffer overflow. There is no size verification logic in one of functions in libscheddl.so, and download_mgr.cgi makes it possible to enter large-sized f_idx inputs.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/DelspoN/CVE/blob/master/CVE-2019-18930/description.txt | x_refsource_MISC | |
| https://github.com/DelspoN/CVE/tree/master/CVE-2019-18930 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.856Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/DelspoN/CVE/blob/master/CVE-2019-18930/description.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/DelspoN/CVE/tree/master/CVE-2019-18930"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest account) to remotely execute arbitrary code via a stack-based buffer overflow. There is no size verification logic in one of functions in libscheddl.so, and download_mgr.cgi makes it possible to enter large-sized f_idx inputs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-13T15:47:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/DelspoN/CVE/blob/master/CVE-2019-18930/description.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/DelspoN/CVE/tree/master/CVE-2019-18930"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18930",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest account) to remotely execute arbitrary code via a stack-based buffer overflow. There is no size verification logic in one of functions in libscheddl.so, and download_mgr.cgi makes it possible to enter large-sized f_idx inputs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/DelspoN/CVE/blob/master/CVE-2019-18930/description.txt",
"refsource": "MISC",
"url": "https://github.com/DelspoN/CVE/blob/master/CVE-2019-18930/description.txt"
},
{
"name": "https://github.com/DelspoN/CVE/tree/master/CVE-2019-18930",
"refsource": "MISC",
"url": "https://github.com/DelspoN/CVE/tree/master/CVE-2019-18930"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18930",
"datePublished": "2019-11-13T15:47:08",
"dateReserved": "2019-11-12T00:00:00",
"dateUpdated": "2024-08-05T02:02:39.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18929 (GCVE-0-2019-18929)
Vulnerability from cvelistv5
Published
2019-11-13 15:50
Modified
2024-08-05 02:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest accounts) to remotely execute arbitrary code via a download_mgr.cgi stack-based buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/DelspoN/CVE/blob/master/CVE-2019-18929/description.txt | x_refsource_MISC | |
| https://github.com/DelspoN/CVE/tree/master/CVE-2019-18929 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/DelspoN/CVE/blob/master/CVE-2019-18929/description.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/DelspoN/CVE/tree/master/CVE-2019-18929"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest accounts) to remotely execute arbitrary code via a download_mgr.cgi stack-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-13T15:50:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/DelspoN/CVE/blob/master/CVE-2019-18929/description.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/DelspoN/CVE/tree/master/CVE-2019-18929"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest accounts) to remotely execute arbitrary code via a download_mgr.cgi stack-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/DelspoN/CVE/blob/master/CVE-2019-18929/description.txt",
"refsource": "MISC",
"url": "https://github.com/DelspoN/CVE/blob/master/CVE-2019-18929/description.txt"
},
{
"name": "https://github.com/DelspoN/CVE/tree/master/CVE-2019-18929",
"refsource": "MISC",
"url": "https://github.com/DelspoN/CVE/tree/master/CVE-2019-18929"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18929",
"datePublished": "2019-11-13T15:50:18",
"dateReserved": "2019-11-12T00:00:00",
"dateUpdated": "2024-08-05T02:02:39.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2018-09-18 15:29
Modified
2024-11-21 03:53
Severity ?
Summary
It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user's IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user's IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called "cgi_get_ipv6" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter "flag" with the value "1" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_wdbctl0020hwt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72826ADF-89BA-4C0B-B309-7B4D1D522EEF",
"versionEndExcluding": "2.30.196",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_wdbctl0020hwt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F69232FE-B692-4334-A06D-11023EE27D75",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_pr4100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7AA6C98B-CD5F-40ED-A831-4F1927012950",
"versionEndExcluding": "2.30.196",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_pr4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF44A0E-2B7A-4525-BC0A-7C56271655B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_pr2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF9FFCC4-7C24-4C03-B522-BE083E5F0303",
"versionEndExcluding": "2.30.196",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_pr2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F19BE2A1-CA04-4815-AC90-228292E900AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_mirror_gen_2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78A51BAB-2107-4ABB-B3EB-F74F1661F779",
"versionEndExcluding": "2.30.196",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_mirror_gen_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59E4EF23-60FE-43D4-9637-21977089B91E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_mirror_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1A0D86-EE7A-427E-9A1A-909C9FB8DD7E",
"versionEndExcluding": "2.30.196",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_mirror:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59F71114-72DC-4615-9F81-474F3B12EA36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_ex4100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "450B318F-4731-44B2-92B9-E609DAF5D36D",
"versionEndExcluding": "2.30.196",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_ex4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74DAD0B3-E596-46F3-81EB-DE4D9BC8C8F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_ex4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "614A2E24-88A4-4C61-A05F-63B7EE3425FD",
"versionEndExcluding": "2.30.196",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_ex4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAAFE67F-96B1-41E7-AC44-6EF652F2E206",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_ex2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36E6F9E3-F0AE-46D9-A503-6B72B78676B7",
"versionEndExcluding": "2.30.196",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_ex2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62E9610C-43A8-483A-BB7B-789C25AA97A8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_ex2_ultra_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A1C4B10-0193-4D81-A43F-4B6D45918E01",
"versionEndExcluding": "2.30.196",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7BD0108-A509-4F54-86D5-5471D079D280",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_ex2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D0E860-8524-4494-B18A-45D79A17054B",
"versionEndExcluding": "2.30.196",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_ex2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A245E9A-CB59-4B34-BB54-3DDAAB556E72",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_dl4100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1CAC50A-30D0-4D67-AC01-1CFD102F4A07",
"versionEndExcluding": "2.30.196",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_dl4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64C352EC-57F1-4DE0-A160-605277F01543",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_dl2100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "981FA25E-7FF4-449D-9A29-CAED094625E8",
"versionEndExcluding": "2.30.196",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_dl2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64EA309B-4692-43E7-B493-9E1DBD3C7E3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user\u0027s IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user\u0027s IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called \"cgi_get_ipv6\" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter \"flag\" with the value \"1\" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie."
},
{
"lang": "es",
"value": "Se ha descubierto que el dispositivo Western Digital My Cloud hasta las versiones 2.30.x se ve afectado por una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n. Un atacante no autenticado puede explotar esta vulnerabilidad para autenticarse como usuario administrador sin necesitar proporcionar una contrase\u00f1a, obteniendo as\u00ed el control total del dispositivo. (Cuando un administrador inicia sesi\u00f3n en My Cloud, se crea una sesi\u00f3n del lado del servidor que est\u00e1 conectado a la direcci\u00f3n IP del usuario. Tras crear la sesi\u00f3n, es posible llamar a m\u00f3dulos CGI autenticados mediante el env\u00edo de la cookie username=admin en la petici\u00f3n HTTP. El CGI invocado comprobar\u00e1 si hay una sesi\u00f3n v\u00e1lida presente y la conectar\u00e1 con la IP del usuario). Se ha descubierto que es posible para un atacante no autenticado crear una sesi\u00f3n v\u00e1lida sin iniciar sesi\u00f3n. El m\u00f3dulo CGI network_mgr.cgi contiene un comando llamado \"cgi_get_ipv6\" que inicia una sesi\u00f3n de administrador (enlazada con la direcci\u00f3n IP del usuario que realiza la petici\u00f3n) si se proporciona el par\u00e1metro adicional \"flag\" con el valor \"1\". La invocaci\u00f3n subsecuente de comandos que normalmente requerir\u00edan privilegios de administrador tendr\u00eda \u00e9xito ahora si el atacante establece la cookie username=admin."
}
],
"id": "CVE-2018-17153",
"lastModified": "2024-11-21T03:53:58.427",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-18T15:29:00.307",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/173802/Western-Digital-MyCloud-Unauthenticated-Command-Injection.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105359"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://securify.nl/nl/advisory/SFY20180102/authentication-bypass-vulnerability-in-western-digital-my-cloud-allows-escalation-to-admin-privileges.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.wdc.com/knowledgebase/answer.aspx?ID=25952"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/173802/Western-Digital-MyCloud-Unauthenticated-Command-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105359"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://securify.nl/nl/advisory/SFY20180102/authentication-bypass-vulnerability-in-western-digital-my-cloud-allows-escalation-to-admin-privileges.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.wdc.com/knowledgebase/answer.aspx?ID=25952"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-13 16:15
Modified
2024-11-21 04:33
Severity ?
Summary
Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest accounts) to remotely execute arbitrary code via a download_mgr.cgi stack-based buffer overflow.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/DelspoN/CVE/blob/master/CVE-2019-18929/description.txt | Third Party Advisory | |
| cve@mitre.org | https://github.com/DelspoN/CVE/tree/master/CVE-2019-18929 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/DelspoN/CVE/blob/master/CVE-2019-18929/description.txt | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/DelspoN/CVE/tree/master/CVE-2019-18929 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| western_digital | my_cloud_ex2_ultra_firmware | 2.31.195 | |
| western_digital | my_cloud_ex2_ultra | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_ex2_ultra_firmware:2.31.195:*:*:*:*:*:*:*",
"matchCriteriaId": "76767780-D209-472E-8BB2-642A8608B661",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7BD0108-A509-4F54-86D5-5471D079D280",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest accounts) to remotely execute arbitrary code via a download_mgr.cgi stack-based buffer overflow."
},
{
"lang": "es",
"value": "El firmware Western Digital My Cloud EX2 Ultra versi\u00f3n 2.31.183, permite a usuarios web (incluidas las cuentas de invitados) ejecutar c\u00f3digo arbitrario remotamente por medio de un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en el archivo download_mgr.cgi."
}
],
"id": "CVE-2019-18929",
"lastModified": "2024-11-21T04:33:51.353",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-13T16:15:11.110",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/DelspoN/CVE/blob/master/CVE-2019-18929/description.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/DelspoN/CVE/tree/master/CVE-2019-18929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/DelspoN/CVE/blob/master/CVE-2019-18929/description.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/DelspoN/CVE/tree/master/CVE-2019-18929"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-13 16:15
Modified
2024-11-21 04:33
Severity ?
Summary
Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest account) to remotely execute arbitrary code via a stack-based buffer overflow. There is no size verification logic in one of functions in libscheddl.so, and download_mgr.cgi makes it possible to enter large-sized f_idx inputs.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/DelspoN/CVE/blob/master/CVE-2019-18930/description.txt | Third Party Advisory | |
| cve@mitre.org | https://github.com/DelspoN/CVE/tree/master/CVE-2019-18930 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/DelspoN/CVE/blob/master/CVE-2019-18930/description.txt | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/DelspoN/CVE/tree/master/CVE-2019-18930 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| western_digital | my_cloud_ex2_ultra_firmware | 2.31.183 | |
| western_digital | my_cloud_ex2_ultra | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_ex2_ultra_firmware:2.31.183:*:*:*:*:*:*:*",
"matchCriteriaId": "0A2F5116-0257-4C89-964F-2B3A32FCC9C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7BD0108-A509-4F54-86D5-5471D079D280",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest account) to remotely execute arbitrary code via a stack-based buffer overflow. There is no size verification logic in one of functions in libscheddl.so, and download_mgr.cgi makes it possible to enter large-sized f_idx inputs."
},
{
"lang": "es",
"value": "El firmware Western Digital My Cloud EX2 Ultra versi\u00f3n 2.31.183, permite a usuarios web (incluida la cuenta de invitado) ejecutar remotamente c\u00f3digo arbitrario por medio de un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria. No existe una l\u00f3gica de comprobaci\u00f3n de tama\u00f1o en una de las funciones en el archivo libscheddl.so, y download_mgr.cgi hace posible ingresar entradas f_idx de gran tama\u00f1o."
}
],
"id": "CVE-2019-18930",
"lastModified": "2024-11-21T04:33:51.497",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-13T16:15:11.207",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/DelspoN/CVE/blob/master/CVE-2019-18930/description.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/DelspoN/CVE/tree/master/CVE-2019-18930"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/DelspoN/CVE/blob/master/CVE-2019-18930/description.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/DelspoN/CVE/tree/master/CVE-2019-18930"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-13 16:15
Modified
2024-11-21 04:33
Severity ?
Summary
Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via crafted GET/POST parameters.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/DelspoN/CVE/blob/master/CVE-2019-18931/description.txt | Third Party Advisory | |
| cve@mitre.org | https://github.com/DelspoN/CVE/tree/master/CVE-2019-18931 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/DelspoN/CVE/blob/master/CVE-2019-18931/description.txt | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/DelspoN/CVE/tree/master/CVE-2019-18931 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| western_digital | my_cloud_ex2_ultra_firmware | 2.31.195 | |
| western_digital | my_cloud_ex2_ultra | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_ex2_ultra_firmware:2.31.195:*:*:*:*:*:*:*",
"matchCriteriaId": "76767780-D209-472E-8BB2-642A8608B661",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7BD0108-A509-4F54-86D5-5471D079D280",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via crafted GET/POST parameters."
},
{
"lang": "es",
"value": "El firmware Western Digital My Cloud EX2 Ultra versi\u00f3n 2.31.195, permite un Desbordamiento de B\u00fafer con control Extended Instruction Pointer (EIP) por medio de par\u00e1metros GET/POST especialmente dise\u00f1ados"
}
],
"id": "CVE-2019-18931",
"lastModified": "2024-11-21T04:33:51.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-13T16:15:11.517",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/DelspoN/CVE/blob/master/CVE-2019-18931/description.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/DelspoN/CVE/tree/master/CVE-2019-18931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/DelspoN/CVE/blob/master/CVE-2019-18931/description.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/DelspoN/CVE/tree/master/CVE-2019-18931"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-24 18:29
Modified
2024-11-21 04:52
Severity ?
Summary
Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page web/jquery/uploader/uploadify.php can be accessed without any credentials, and allows uploading arbitrary files to any location on the attached storage.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_mirror_gen_2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "765BE777-5379-43E6-83A1-2CDF06410DE3",
"versionEndExcluding": "2.31.174",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_mirror_gen_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59E4EF23-60FE-43D4-9637-21977089B91E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_ex2_ultra_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE9D9CA-F875-4A77-92F7-2AEF1FBA368C",
"versionEndExcluding": "2.31.174",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7BD0108-A509-4F54-86D5-5471D079D280",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_ex2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A522A184-6C69-42DF-95B6-F89DD27ECE9B",
"versionEndExcluding": "2.31.174",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_ex2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62E9610C-43A8-483A-BB7B-789C25AA97A8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_ex4100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB4B9E3E-EC08-4A37-B518-2EE1EC8A62C3",
"versionEndExcluding": "2.31.174",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_ex4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74DAD0B3-E596-46F3-81EB-DE4D9BC8C8F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_dl2100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BA7B78F-C555-4A09-AED5-BD8763FA8B4E",
"versionEndExcluding": "2.31.174",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_dl2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64EA309B-4692-43E7-B493-9E1DBD3C7E3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_dl4100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B2E6094-EEC0-41AA-9C9A-4FA342A1B66F",
"versionEndExcluding": "2.31.174",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_dl4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64C352EC-57F1-4DE0-A160-605277F01543",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_pr2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA29107B-496B-4CE6-9FB3-D0CC9BB82ADA",
"versionEndExcluding": "2.31.174",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_pr2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F19BE2A1-CA04-4815-AC90-228292E900AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_pr4100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFB98935-21BA-41E2-A82C-B17F1B0C3236",
"versionEndExcluding": "2.31.174",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_pr4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF44A0E-2B7A-4525-BC0A-7C56271655B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBEFE3E9-42D3-456E-947D-8DBF27CC913E",
"versionEndExcluding": "2.31.174",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud:-:*:*:*:*:*:*:*",
"matchCriteriaId": "338651C2-46D2-4F98-AAEF-5CF445B6D640",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page web/jquery/uploader/uploadify.php can be accessed without any credentials, and allows uploading arbitrary files to any location on the attached storage."
},
{
"lang": "es",
"value": "Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 y My Cloud PR4100 versi\u00f3n anterior a 2.31.174, se ven impactados por una vulnerabilidad de carga de archivo no autenticada. La p\u00e1gina web/jquery/uploader/uploadify.php puede ser accedida sin credenciales, y permite cargar archivos arbitrarios en cualquier ubicaci\u00f3n sobre el almacenamiento adjunto."
}
],
"id": "CVE-2019-9951",
"lastModified": "2024-11-21T04:52:39.783",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-24T18:29:01.870",
"references": [
{
"source": "cve@mitre.org",
"url": "https://bnbdr.github.io/posts/wd/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-174-3-26-19/235932"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/bnbdr/wd-rce/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.wdc.com/downloads.aspx?g=2702\u0026lang=en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bnbdr.github.io/posts/wd/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-174-3-26-19/235932"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/bnbdr/wd-rce/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.wdc.com/downloads.aspx?g=2702\u0026lang=en"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}