CVE-2013-5006

2013-07-3113:20:00

CWE-255

[email protected]

web.nvd.nist.gov

cve-2013-5006

western digital

my net

n600

n750

n900

n900c

firmware

remote attackers

cleartext password

html

security vulnerability

6.8 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.092 Low

EPSS

Percentile

94.6%

JSON

main_internet.php on the Western Digital My Net N600 and N750 with firmware 1.03.12 and 1.04.16, and the N900 and N900C with firmware 1.05.12, 1.06.18, and 1.06.28, allows remote attackers to discover the cleartext administrative password by reading the “var pass=” line within the HTML source code.

CPENameOperatorVersion
westerndigital:my_net_n900westerndigital my net n900eq-
westerndigital:my_net_n900cwesterndigital my net n900ceq-
westerndigital:my_net_n750westerndigital my net n750eq-

CPE	Name	Operator	Version
westerndigital:my_net_n900	westerndigital my net n900	eq	-
westerndigital:my_net_n900c	westerndigital my net n900c	eq	-
westerndigital:my_net_n750	westerndigital my net n750	eq	-