EUVD-2016-1298

Malware in sbrugna...

VulnCheck KEV: CVE-2016-10108

Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/googleanalytics.php URL via a modified arg parameter in the POST data...

Western Digital MyCloud NAS Remote Command Injection Vulnerability (CNVD-2017-00115)

Western Digital MyCloud NAS is a personal cloud storage device. Western Digital MyCloud NAS version 2.11.142 has a remote command injection vulnerability in index.php, which allows an attacker to execute arbitrary commands with root privileges via a cookie header...

CVE-2016-10108

Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/googleanalytics.php URL via a modified arg parameter in the POST data...

Command injection

Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/googleanalytics.php URL via a modified arg parameter in the POST data...

Command injection

Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header...

CVE-2016-10107

Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header...

CVE-2016-10108

Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/googleanalytics.php URL via a modified arg parameter in the POST data...

CVE-2016-10107

Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header...

CVE-2016-10108

CVE-2016-10108 : Western Digital MyCloud NAS (around version 2.11.142) is vulnerable to an unauthenticated remote command injection via the POST parameter arg in the /web/google_analytics.php endpoint, enabling potential root access. The CVSS metrics listed (3.0: 9.8, CRITICAL; 2.0: 10.0) reflect...