Lucene search
K

96 matches found

NVD
NVD
added 2020/05/13 3:15 p.m.19 views

CVE-2020-12427

The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space...

8.8CVSS8.6AI score0.00454EPSS
Exploits0References2
Prion
Prion
added 2020/05/13 3:15 p.m.16 views

Cross site request forgery (csrf)

The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space...

6.8CVSS8.4AI score0.00454EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/05/13 2:28 p.m.94 views

CVE-2020-12427

CVE-2020-12427 affects Western Digital WD Discovery for MyCloud Home (Windows/macOS). The vulnerability is a Cross-Site Request Forgery (CSRF) in WD Discovery applications prior to version 3.8.229, enabling an attacker to steal data, modify disk contents, or exhaust disk space. The root cause is ...

8.8CVSS8.5AI score0.00454EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/10/09 2:29 p.m.3 views

CVE-2018-7928

There is a security vulnerability which could lead to Factory Reset Protection FRP bypass in the MyCloud APP with the versions before 8.1.2.303 installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old account with a new on...

4.6CVSS5.8AI score0.00336EPSS
Exploits0References1
Prion
Prion
added 2018/10/09 2:29 p.m.8 views

Design/Logic Flaw

There is a security vulnerability which could lead to Factory Reset Protection FRP bypass in the MyCloud APP with the versions before 8.1.2.303 installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old account with a new on...

3.6CVSS4.6AI score0.00336EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/10/09 2:29 p.m.15 views

CVE-2018-7928

There is a security vulnerability which could lead to Factory Reset Protection FRP bypass in the MyCloud APP with the versions before 8.1.2.303 installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old account with a new on...

4.6CVSS4.6AI score0.00336EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/10/09 2:0 p.m.17 views

CVE-2018-7928

There is a security vulnerability which could lead to Factory Reset Protection FRP bypass in the MyCloud APP with the versions before 8.1.2.303 installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old account with a new on...

4.6AI score0.00336EPSS
Exploits0References1
CVE
CVE
added 2018/10/09 2:0 p.m.56 views

CVE-2018-7928

The CVE-2018-7928 entry describes a FRP bypass vulnerability in Huawei’s MyCloud APP on some Huawei smartphones, affecting versions before 8.1.2.303. According to the Huawei PSIRT advisory (HWPSIRT-2018-04129), when re-configuring the device via FRP, an attacker can swap the existing account with...

4.6CVSS4.7AI score0.00336EPSS
Exploits0References1Affected Software1
Huawei
Huawei
added 2018/09/30 12:0 a.m.27 views

Security Advisory - FRP Bypass Vulnerability in MyCloud APP of Huawei Smart Phones

There is a security vulnerability which could lead to Factory Reset Protection FRP bypass in the MyCloud APP installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old account with a new one through special steps by exploit...

4.6CVSS4.6AI score0.00336EPSS
Exploits0Affected Software1
Openbugbounty
Openbugbounty
added 2018/02/28 1:30 p.m.20 views

files.mycloud.com XSS vulnerability

Open Bug Bounty ID: OBB-571030 Description| Value ---|--- Affected Website:| files.mycloud.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2018/02/01 12:0 a.m.7 views

The vulnerability of the multiuploadify.php script (located in the administrative web interface of the network storage software, Western Digital MyCloud PR4100), allows a malicious user to execute arbitrary code with root privileges.

The vulnerability of the multiuploadify.php script located in the administrative web interface of the network storage software, Western Digital MyCloud PR4100, relates to deficiencies in authentication procedures. Exploiting this vulnerability allows an attacker to download the PHP script onto a...

10CVSS5.6AI score0.73404EPSS
Exploits6References7Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/01/10 12:0 a.m.21 views

Western Digital MyCloud Web Interface Detection

Binary data wdmyclouddetect.nbin...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/01/10 12:0 a.m.33 views

Western Digital MyCloud Unauthenticated File Upload

The remote WD MyCloud device is affected by a file upload vulnerability that allows a remote attacker to upload and execute files. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid105732; scriptversion"1.6"; scriptsetattributeattribute:"pluginmodificationdate",...

10CVSS8.5AI score0.73404EPSS
Exploits6References3
Check Point Advisories
Check Point Advisories
added 2018/01/10 12:0 a.m.31 views

Western Digital MyCloud Remote Code Execution (CVE-2017-17560)

A remote code execution vulnerability exists within Western Digital MyCloud servers. This is due to the way the MyCloud servers handle file uploads to specific directories. A successful attack could lead to a remote code execution and stolen information...

10CVSS4.2AI score0.73404EPSS
Exploits6
BDU FSTEC
BDU FSTEC
added 2017/12/21 12:0 a.m.8 views

The vulnerability of the “/web/google_analytics.php” microprogramming software of Western Digital MyCloud NAS allows a intruder to execute arbitrary commands.

The vulnerability of the “/web/googleanalytics.php” microprogramming software of Western Digital MyCloud NAS is related to the lack of measures taken at the management level to clean up data. Exploiting this vulnerability allows a malicious actor to inject arbitrary commands using a specially...

10CVSS8AI score0.95174EPSS
Exploits4References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2017/12/21 12:0 a.m.4 views

The vulnerability of the “index.php” script in the microprogramming software for network storage devices from Western Digital MyCloud NAS allows for the execution of arbitrary commands.

The vulnerability of the “index.php” script in the microprogramming software of Western Digital MyCloud NAS is related to the lack of measures taken at the management level to clean up data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially...

10CVSS8.1AI score0.11225EPSS
Exploits1References3Affected Software1
Exploit DB
Exploit DB
added 2017/12/18 12:0 a.m.69 views

Western Digital MyCloud - 'multi_uploadify' File Upload (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HEAD', :uri = '/web/', :pattern = /Apache/ include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper def initializeinfo=...

10CVSS7.4AI score0.73404EPSS
Exploits6
0day.today
0day.today
added 2017/12/16 12:0 a.m.47 views

Western Digital MyCloud multi_uploadify File Upload Exploit

This Metasploit module exploits a file upload vulnerability found in Western Digital's MyCloud NAS web administration HTTP service. The /web/jquery/uploader/multiuploadify.php PHP script provides multipart upload functionality that is accessible without authentication and can be used to place a...

10CVSS0.7AI score0.73404EPSS
Exploits6
Packet Storm
Packet Storm
added 2017/12/15 12:0 a.m.54 views

Western Digital MyCloud multi_uploadify File Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HEAD', :uri = '/web/', :pattern = /Apache/ include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper def initializeinfo=...

0.73404EPSS
Exploits6
CNVD
CNVD
added 2017/12/14 12:0 a.m.8 views

Western Digital MyCloud PR4100 Web Management Component 'multi_uploadify' File Upload Vulnerability

The Western Digital MyCloud PR4100 is a networked cloud storage device from Western Digital.The web administration component is one of the web administration components. A security vulnerability exists in the Web administration component of the Western Digital MyCloud PR4100 version 2.30.172. An...

10CVSS7.9AI score0.73404EPSS
Exploits6References1
Rows per page
Query Builder