Vulnerabilites related to western_digital - my_cloud_pr2100_firmware
CVE-2019-9951 (GCVE-0-2019-9951)
Vulnerability from cvelistv5
Published
2019-04-24 17:26
Modified
2024-08-04 22:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page web/jquery/uploader/uploadify.php can be accessed without any credentials, and allows uploading arbitrary files to any location on the attached storage.
References
| ▼ | URL | Tags |
|---|---|---|
| https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-174-3-26-19/235932 | x_refsource_CONFIRM | |
| https://support.wdc.com/downloads.aspx?g=2702&lang=en | x_refsource_CONFIRM | |
| https://bnbdr.github.io/posts/wd/ | x_refsource_MISC | |
| https://github.com/bnbdr/wd-rce/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:08.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-174-3-26-19/235932"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.wdc.com/downloads.aspx?g=2702\u0026lang=en"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bnbdr.github.io/posts/wd/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bnbdr/wd-rce/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page web/jquery/uploader/uploadify.php can be accessed without any credentials, and allows uploading arbitrary files to any location on the attached storage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-28T17:40:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-174-3-26-19/235932"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.wdc.com/downloads.aspx?g=2702\u0026lang=en"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bnbdr.github.io/posts/wd/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bnbdr/wd-rce/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page web/jquery/uploader/uploadify.php can be accessed without any credentials, and allows uploading arbitrary files to any location on the attached storage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-174-3-26-19/235932",
"refsource": "CONFIRM",
"url": "https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-174-3-26-19/235932"
},
{
"name": "https://support.wdc.com/downloads.aspx?g=2702\u0026lang=en",
"refsource": "CONFIRM",
"url": "https://support.wdc.com/downloads.aspx?g=2702\u0026lang=en"
},
{
"name": "https://bnbdr.github.io/posts/wd/",
"refsource": "MISC",
"url": "https://bnbdr.github.io/posts/wd/"
},
{
"name": "https://github.com/bnbdr/wd-rce/",
"refsource": "MISC",
"url": "https://github.com/bnbdr/wd-rce/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9951",
"datePublished": "2019-04-24T17:26:16",
"dateReserved": "2019-03-23T00:00:00",
"dateUpdated": "2024-08-04T22:10:08.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17153 (GCVE-0-2018-17153)
Vulnerability from cvelistv5
Published
2018-09-18 00:00
Modified
2024-08-05 10:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user's IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user's IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called "cgi_get_ipv6" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter "flag" with the value "1" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:39:59.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105359",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105359"
},
{
"tags": [
"x_transferred"
],
"url": "https://securify.nl/nl/advisory/SFY20180102/authentication-bypass-vulnerability-in-western-digital-my-cloud-allows-escalation-to-admin-privileges.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.wdc.com/knowledgebase/answer.aspx?ID=25952"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/173802/Western-Digital-MyCloud-Unauthenticated-Command-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user\u0027s IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user\u0027s IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called \"cgi_get_ipv6\" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter \"flag\" with the value \"1\" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-28T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "105359",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/105359"
},
{
"url": "https://securify.nl/nl/advisory/SFY20180102/authentication-bypass-vulnerability-in-western-digital-my-cloud-allows-escalation-to-admin-privileges.html"
},
{
"url": "https://support.wdc.com/knowledgebase/answer.aspx?ID=25952"
},
{
"url": "http://packetstormsecurity.com/files/173802/Western-Digital-MyCloud-Unauthenticated-Command-Injection.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17153",
"datePublished": "2018-09-18T00:00:00",
"dateReserved": "2018-09-18T00:00:00",
"dateUpdated": "2024-08-05T10:39:59.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2018-09-18 15:29
Modified
2024-11-21 03:53
Severity ?
Summary
It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user's IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user's IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called "cgi_get_ipv6" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter "flag" with the value "1" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_wdbctl0020hwt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72826ADF-89BA-4C0B-B309-7B4D1D522EEF",
"versionEndExcluding": "2.30.196",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_wdbctl0020hwt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F69232FE-B692-4334-A06D-11023EE27D75",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_pr4100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7AA6C98B-CD5F-40ED-A831-4F1927012950",
"versionEndExcluding": "2.30.196",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_pr4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF44A0E-2B7A-4525-BC0A-7C56271655B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_pr2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF9FFCC4-7C24-4C03-B522-BE083E5F0303",
"versionEndExcluding": "2.30.196",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_pr2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F19BE2A1-CA04-4815-AC90-228292E900AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_mirror_gen_2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78A51BAB-2107-4ABB-B3EB-F74F1661F779",
"versionEndExcluding": "2.30.196",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_mirror_gen_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59E4EF23-60FE-43D4-9637-21977089B91E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_mirror_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1A0D86-EE7A-427E-9A1A-909C9FB8DD7E",
"versionEndExcluding": "2.30.196",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_mirror:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59F71114-72DC-4615-9F81-474F3B12EA36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_ex4100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "450B318F-4731-44B2-92B9-E609DAF5D36D",
"versionEndExcluding": "2.30.196",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_ex4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74DAD0B3-E596-46F3-81EB-DE4D9BC8C8F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_ex4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "614A2E24-88A4-4C61-A05F-63B7EE3425FD",
"versionEndExcluding": "2.30.196",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_ex4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAAFE67F-96B1-41E7-AC44-6EF652F2E206",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_ex2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36E6F9E3-F0AE-46D9-A503-6B72B78676B7",
"versionEndExcluding": "2.30.196",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_ex2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62E9610C-43A8-483A-BB7B-789C25AA97A8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_ex2_ultra_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A1C4B10-0193-4D81-A43F-4B6D45918E01",
"versionEndExcluding": "2.30.196",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7BD0108-A509-4F54-86D5-5471D079D280",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_ex2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D0E860-8524-4494-B18A-45D79A17054B",
"versionEndExcluding": "2.30.196",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_ex2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A245E9A-CB59-4B34-BB54-3DDAAB556E72",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_dl4100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1CAC50A-30D0-4D67-AC01-1CFD102F4A07",
"versionEndExcluding": "2.30.196",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_dl4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64C352EC-57F1-4DE0-A160-605277F01543",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_dl2100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "981FA25E-7FF4-449D-9A29-CAED094625E8",
"versionEndExcluding": "2.30.196",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_dl2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64EA309B-4692-43E7-B493-9E1DBD3C7E3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user\u0027s IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user\u0027s IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called \"cgi_get_ipv6\" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter \"flag\" with the value \"1\" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie."
},
{
"lang": "es",
"value": "Se ha descubierto que el dispositivo Western Digital My Cloud hasta las versiones 2.30.x se ve afectado por una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n. Un atacante no autenticado puede explotar esta vulnerabilidad para autenticarse como usuario administrador sin necesitar proporcionar una contrase\u00f1a, obteniendo as\u00ed el control total del dispositivo. (Cuando un administrador inicia sesi\u00f3n en My Cloud, se crea una sesi\u00f3n del lado del servidor que est\u00e1 conectado a la direcci\u00f3n IP del usuario. Tras crear la sesi\u00f3n, es posible llamar a m\u00f3dulos CGI autenticados mediante el env\u00edo de la cookie username=admin en la petici\u00f3n HTTP. El CGI invocado comprobar\u00e1 si hay una sesi\u00f3n v\u00e1lida presente y la conectar\u00e1 con la IP del usuario). Se ha descubierto que es posible para un atacante no autenticado crear una sesi\u00f3n v\u00e1lida sin iniciar sesi\u00f3n. El m\u00f3dulo CGI network_mgr.cgi contiene un comando llamado \"cgi_get_ipv6\" que inicia una sesi\u00f3n de administrador (enlazada con la direcci\u00f3n IP del usuario que realiza la petici\u00f3n) si se proporciona el par\u00e1metro adicional \"flag\" con el valor \"1\". La invocaci\u00f3n subsecuente de comandos que normalmente requerir\u00edan privilegios de administrador tendr\u00eda \u00e9xito ahora si el atacante establece la cookie username=admin."
}
],
"id": "CVE-2018-17153",
"lastModified": "2024-11-21T03:53:58.427",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-18T15:29:00.307",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/173802/Western-Digital-MyCloud-Unauthenticated-Command-Injection.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105359"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://securify.nl/nl/advisory/SFY20180102/authentication-bypass-vulnerability-in-western-digital-my-cloud-allows-escalation-to-admin-privileges.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.wdc.com/knowledgebase/answer.aspx?ID=25952"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/173802/Western-Digital-MyCloud-Unauthenticated-Command-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105359"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://securify.nl/nl/advisory/SFY20180102/authentication-bypass-vulnerability-in-western-digital-my-cloud-allows-escalation-to-admin-privileges.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.wdc.com/knowledgebase/answer.aspx?ID=25952"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-24 18:29
Modified
2024-11-21 04:52
Severity ?
Summary
Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page web/jquery/uploader/uploadify.php can be accessed without any credentials, and allows uploading arbitrary files to any location on the attached storage.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_mirror_gen_2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "765BE777-5379-43E6-83A1-2CDF06410DE3",
"versionEndExcluding": "2.31.174",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_mirror_gen_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59E4EF23-60FE-43D4-9637-21977089B91E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_ex2_ultra_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE9D9CA-F875-4A77-92F7-2AEF1FBA368C",
"versionEndExcluding": "2.31.174",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7BD0108-A509-4F54-86D5-5471D079D280",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_ex2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A522A184-6C69-42DF-95B6-F89DD27ECE9B",
"versionEndExcluding": "2.31.174",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_ex2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62E9610C-43A8-483A-BB7B-789C25AA97A8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_ex4100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB4B9E3E-EC08-4A37-B518-2EE1EC8A62C3",
"versionEndExcluding": "2.31.174",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_ex4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74DAD0B3-E596-46F3-81EB-DE4D9BC8C8F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_dl2100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BA7B78F-C555-4A09-AED5-BD8763FA8B4E",
"versionEndExcluding": "2.31.174",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_dl2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64EA309B-4692-43E7-B493-9E1DBD3C7E3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_dl4100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B2E6094-EEC0-41AA-9C9A-4FA342A1B66F",
"versionEndExcluding": "2.31.174",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_dl4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64C352EC-57F1-4DE0-A160-605277F01543",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_pr2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA29107B-496B-4CE6-9FB3-D0CC9BB82ADA",
"versionEndExcluding": "2.31.174",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_pr2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F19BE2A1-CA04-4815-AC90-228292E900AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_pr4100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFB98935-21BA-41E2-A82C-B17F1B0C3236",
"versionEndExcluding": "2.31.174",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud_pr4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF44A0E-2B7A-4525-BC0A-7C56271655B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:western_digital:my_cloud_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBEFE3E9-42D3-456E-947D-8DBF27CC913E",
"versionEndExcluding": "2.31.174",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:western_digital:my_cloud:-:*:*:*:*:*:*:*",
"matchCriteriaId": "338651C2-46D2-4F98-AAEF-5CF445B6D640",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page web/jquery/uploader/uploadify.php can be accessed without any credentials, and allows uploading arbitrary files to any location on the attached storage."
},
{
"lang": "es",
"value": "Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 y My Cloud PR4100 versi\u00f3n anterior a 2.31.174, se ven impactados por una vulnerabilidad de carga de archivo no autenticada. La p\u00e1gina web/jquery/uploader/uploadify.php puede ser accedida sin credenciales, y permite cargar archivos arbitrarios en cualquier ubicaci\u00f3n sobre el almacenamiento adjunto."
}
],
"id": "CVE-2019-9951",
"lastModified": "2024-11-21T04:52:39.783",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-24T18:29:01.870",
"references": [
{
"source": "cve@mitre.org",
"url": "https://bnbdr.github.io/posts/wd/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-174-3-26-19/235932"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/bnbdr/wd-rce/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.wdc.com/downloads.aspx?g=2702\u0026lang=en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bnbdr.github.io/posts/wd/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-174-3-26-19/235932"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/bnbdr/wd-rce/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.wdc.com/downloads.aspx?g=2702\u0026lang=en"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}