96 matches found
CVE-2020-12427
The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space...
Cross site request forgery (csrf)
The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space...
CVE-2020-12427
CVE-2020-12427 affects Western Digital WD Discovery for MyCloud Home (Windows/macOS). The vulnerability is a Cross-Site Request Forgery (CSRF) in WD Discovery applications prior to version 3.8.229, enabling an attacker to steal data, modify disk contents, or exhaust disk space. The root cause is ...
CVE-2018-7928
There is a security vulnerability which could lead to Factory Reset Protection FRP bypass in the MyCloud APP with the versions before 8.1.2.303 installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old account with a new on...
Design/Logic Flaw
There is a security vulnerability which could lead to Factory Reset Protection FRP bypass in the MyCloud APP with the versions before 8.1.2.303 installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old account with a new on...
CVE-2018-7928
There is a security vulnerability which could lead to Factory Reset Protection FRP bypass in the MyCloud APP with the versions before 8.1.2.303 installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old account with a new on...
CVE-2018-7928
There is a security vulnerability which could lead to Factory Reset Protection FRP bypass in the MyCloud APP with the versions before 8.1.2.303 installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old account with a new on...
CVE-2018-7928
The CVE-2018-7928 entry describes a FRP bypass vulnerability in Huawei’s MyCloud APP on some Huawei smartphones, affecting versions before 8.1.2.303. According to the Huawei PSIRT advisory (HWPSIRT-2018-04129), when re-configuring the device via FRP, an attacker can swap the existing account with...
Security Advisory - FRP Bypass Vulnerability in MyCloud APP of Huawei Smart Phones
There is a security vulnerability which could lead to Factory Reset Protection FRP bypass in the MyCloud APP installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old account with a new one through special steps by exploit...
files.mycloud.com XSS vulnerability
Open Bug Bounty ID: OBB-571030 Description| Value ---|--- Affected Website:| files.mycloud.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
The vulnerability of the multiuploadify.php script (located in the administrative web interface of the network storage software, Western Digital MyCloud PR4100), allows a malicious user to execute arbitrary code with root privileges.
The vulnerability of the multiuploadify.php script located in the administrative web interface of the network storage software, Western Digital MyCloud PR4100, relates to deficiencies in authentication procedures. Exploiting this vulnerability allows an attacker to download the PHP script onto a...
Western Digital MyCloud Web Interface Detection
Binary data wdmyclouddetect.nbin...
Western Digital MyCloud Unauthenticated File Upload
The remote WD MyCloud device is affected by a file upload vulnerability that allows a remote attacker to upload and execute files. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid105732; scriptversion"1.6"; scriptsetattributeattribute:"pluginmodificationdate",...
Western Digital MyCloud Remote Code Execution (CVE-2017-17560)
A remote code execution vulnerability exists within Western Digital MyCloud servers. This is due to the way the MyCloud servers handle file uploads to specific directories. A successful attack could lead to a remote code execution and stolen information...
The vulnerability of the “/web/google_analytics.php” microprogramming software of Western Digital MyCloud NAS allows a intruder to execute arbitrary commands.
The vulnerability of the “/web/googleanalytics.php” microprogramming software of Western Digital MyCloud NAS is related to the lack of measures taken at the management level to clean up data. Exploiting this vulnerability allows a malicious actor to inject arbitrary commands using a specially...
The vulnerability of the “index.php” script in the microprogramming software for network storage devices from Western Digital MyCloud NAS allows for the execution of arbitrary commands.
The vulnerability of the “index.php” script in the microprogramming software of Western Digital MyCloud NAS is related to the lack of measures taken at the management level to clean up data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially...
Western Digital MyCloud - 'multi_uploadify' File Upload (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HEAD', :uri = '/web/', :pattern = /Apache/ include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper def initializeinfo=...
Western Digital MyCloud multi_uploadify File Upload Exploit
This Metasploit module exploits a file upload vulnerability found in Western Digital's MyCloud NAS web administration HTTP service. The /web/jquery/uploader/multiuploadify.php PHP script provides multipart upload functionality that is accessible without authentication and can be used to place a...
Western Digital MyCloud multi_uploadify File Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HEAD', :uri = '/web/', :pattern = /Apache/ include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper def initializeinfo=...
Western Digital MyCloud PR4100 Web Management Component 'multi_uploadify' File Upload Vulnerability
The Western Digital MyCloud PR4100 is a networked cloud storage device from Western Digital.The web administration component is one of the web administration components. A security vulnerability exists in the Web administration component of the Western Digital MyCloud PR4100 version 2.30.172. An...