Lucene search
PRIOn knowledge basePRION:CVE-2017-17560HistoryDec 12, 2017 - 6:29 p.m.
Code injection
2017-12-1218:29:00
PRIOn knowledge base
www.prio-n.com
1
An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device’s file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root.
| CPE | Name | Operator | Version |
|---|---|---|---|
| my_cloud_pr4100_firmware | eq | 2.30.172 |
Related
dsquare
dsquare
Western Digital My Cloud File Upload
2018-01-09 00:00:00
openvas
openvas
zdt
zdt
Western Digital MyCloud multi_uploadify File Upload Exploit
2017-12-16 00:00:00
checkpoint_advisories
checkpoint_advisories
Western Digital MyCloud Remote Code Execution (CVE-2017-17560)
2018-01-10 00:00:00
cve
cve
CVE-2017-17560
2017-12-12 18:29:00
packetstorm
packetstorm
Western Digital MyCloud multi_uploadify File Upload
2017-12-15 00:00:00
nvd
nvd
CVE-2017-17560
2017-12-12 18:29:00
cvelist
cvelist
CVE-2017-17560
2017-12-12 18:00:00
nessus
nessus
Western Digital MyCloud Unauthenticated File Upload
2018-01-10 00:00:00