14 matches found
EUVD-2016-1298
Malware in sbrugna...
VulnCheck KEV: CVE-2016-10108
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/googleanalytics.php URL via a modified arg parameter in the POST data...
The vulnerability of the cgi_api.php component in the network storage software from Western Digital’s MyCloud NAS allows a perpetrator to execute arbitrary code.
The vulnerability of the cgiapi.php component in the Western Digital MyCloud NAS network storage software is related to insecure privilege management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of Western Digital MyCloud NAS’ network storage software relates to writing beyond the buffer memory limit, allowing attackers to escalate their privileges.
The vulnerability of Western Digital MyCloud NAS’ network storage software relates to writing beyond the buffer limits of memory. Exploiting this vulnerability can allow a remote attacker to gain elevated privileges...
The vulnerability of the “/web/google_analytics.php” microprogramming software of Western Digital MyCloud NAS allows a intruder to execute arbitrary commands.
The vulnerability of the “/web/googleanalytics.php” microprogramming software of Western Digital MyCloud NAS is related to the lack of measures taken at the management level to clean up data. Exploiting this vulnerability allows a malicious actor to inject arbitrary commands using a specially...
The vulnerability of the “index.php” script in the microprogramming software for network storage devices from Western Digital MyCloud NAS allows for the execution of arbitrary commands.
The vulnerability of the “index.php” script in the microprogramming software of Western Digital MyCloud NAS is related to the lack of measures taken at the management level to clean up data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially...
Western Digital MyCloud NAS Remote Command Injection Vulnerability (CNVD-2017-00115)
Western Digital MyCloud NAS is a personal cloud storage device. Western Digital MyCloud NAS version 2.11.142 has a remote command injection vulnerability in index.php, which allows an attacker to execute arbitrary commands with root privileges via a cookie header...
CVE-2016-10107
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header...
CVE-2016-10108
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/googleanalytics.php URL via a modified arg parameter in the POST data...
CVE-2016-10108
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/googleanalytics.php URL via a modified arg parameter in the POST data...
Command injection
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header...
CVE-2016-10107
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header...
Command injection
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/googleanalytics.php URL via a modified arg parameter in the POST data...
CVE-2016-10108
CVE-2016-10108 : Western Digital MyCloud NAS (around version 2.11.142) is vulnerable to an unauthenticated remote command injection via the POST parameter arg in the /web/google_analytics.php endpoint, enabling potential root access. The CVSS metrics listed (3.0: 9.8, CRITICAL; 2.0: 10.0) reflect...