| Reporter | Title | Published | Views | Family All 1 |
|---|---|---|---|---|
| Western Digital My Cloud Multiple Products < 2.21.111 Multiple Vulnerabilities | 2 Sep 202000:00 | – | openvas |
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:lynxtechnology:twonky_server";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.108006");
script_version("2025-11-21T05:40:28+0000");
script_tag(name:"last_modification", value:"2025-11-21 05:40:28 +0000 (Fri, 21 Nov 2025)");
script_tag(name:"creation_date", value:"2016-09-27 12:00:00 +0200 (Tue, 27 Sep 2016)");
script_tag(name:"cvss_base", value:"6.4");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:P/A:P");
script_cve_id("CVE-2015-6505");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_name("Twonky Server < 7.2.11, 8.x < 8.1.2 Writing of Arbitrary Files Vulnerability");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2016 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_twonky_server_http_detect.nasl");
script_mandatory_keys("twonky/server/detected");
script_tag(name:"summary", value:"Twonky Server is prone to a vulnerability which permits
attackers with access to the local network in which Twonky Server runs, to write arbitrary files
on the host running the Twonky Server. It can be used to replace existing or create new files on
the file system, as accessible by the user under which user ID Twonky Server runs (which can be
root).");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"impact", value:"As this vulnerability can be used to overwrite and replace
arbitrary files, this vulnerability can be used to gain control of the target system by
overwriting system files or can create a denial of service attack by overwriting system critical
files.");
script_tag(name:"affected", value:"Twonky Server version 7.0.x, 8.0 and 8.1 with enabled NMC web
API or web API.");
script_tag(name:"solution", value:"Update to version 7.2.11, 8.1.2 or later.
Mitigation:
Add the following configuration options to the Twonky Server configuration file:
enablenmcwebapi=0
enableweb=0
This will block access to the incriminated function.
NOTE: Setting 'enableweb' to '0' will completely disable HTTP web access to Twonky Server!");
script_xref(name:"URL", value:"https://docs.twonky.com/display/TRN/Twonky+Security+Advisory+1+(CVE-2015-6505)+-+Failure+to+verify+HTTP+parameter+allows+writing+of+arbitrary+files+on+host+running+Twonky+Server");
script_xref(name:"URL", value:"https://docs.twonky.com/display/TRN/Twonky+Server+8.1.2");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if( ! port = get_app_port( cpe:CPE ) )
exit( 0 );
if( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )
exit( 0 );
version = infos["version"];
location = infos["location"];
if( version_in_range_exclusive( version:version, test_version_lo:"7.0.0", test_version_up:"7.2.11" ) ) {
report = report_fixed_ver( installed_version:version, fixed_version:"7.2.11", install_path:location );
security_message( port:port, data:report );
exit( 0 );
}
if( version_in_range_exclusive( version:version, test_version_lo:"8.0.0", test_version_up:"8.1.2" ) ) {
report = report_fixed_ver( installed_version:version, fixed_version:"8.1.2", install_path:location );
security_message( port:port, data:report );
exit( 0 );
}
exit( 99 );
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation