CVE-2017-17560

🗓️ 12 Dec 2017 18:00:00Reported by mitreType

cvelist

cvelist🔗 www.cve.org👁 14 Views

Western Digital MyCloud PR4100 2.30.172 web admin allows unauthenticated file upload leading to arbitrary code executio

Reporter	Title	Published	Views	Family All 17
0day.today	Western Digital MyCloud multi_uploadify File Upload Exploit	16 Dec 201700:00	–	zdt
BDU FSTEC	The vulnerability of the multiuploadify.php script (located in the administrative web interface of the network storage software, Western Digital MyCloud PR4100), allows a malicious user to execute arbitrary code with root privileges.	1 Feb 201800:00	–	bdu_fstec
Circl	CVE-2017-17560	18 Dec 201700:00	–	circl
CNVD	Western Digital MyCloud PR4100 Web Management Component 'multi_uploadify' File Upload Vulnerability	14 Dec 201700:00	–	cnvd
Check Point Advisories	Western Digital MyCloud Remote Code Execution (CVE-2017-17560)	10 Jan 201800:00	–	checkpoint_advisories
CVE	CVE-2017-17560	12 Dec 201718:00	–	cve
Dsquare	Western Digital My Cloud File Upload	9 Jan 201800:00	–	dsquare
Exploit DB	Western Digital MyCloud - 'multi_uploadify' File Upload (Metasploit)	18 Dec 201700:00	–	exploitdb
Metasploit	Western Digital MyCloud multi_uploadify File Upload Vulnerability	28 Nov 201713:12	–	metasploit
NVD	CVE-2017-17560	12 Dec 201718:29	–	nvd

Source	Link
github	www.github.com/rapid7/metasploit-framework/pull/9248
download	www.download.exploitee.rs/file/generic/Exploiteers-DEFCON25.pdf
exploit-db	www.exploit-db.com/exploits/43356/

20 Dec 2017 10:57Current

9.9High risk

Vulners AI Score9.9

EPSS0.83376

western digital mycloud pr4100 unauthenticated upload arbitrary code execution cve-2017-17560