Western Digital MyCloud unauthenticated command injection

This module exploits authentication bypass CVE-2018-17153 and command injection CVE-2016-10108 vulnerabilities in Western Digital MyCloud before 2.30.196 in order to achieve unauthenticated remote code execution as the root user. The module first performs a check to see if the target is WD MyClou...

PT-2018-13926 · Western Digital · Western Digital My Cloud

Name of the Vulnerable Software and Affected Versions: Western Digital My Cloud versions prior to 2.30.196 Description: The issue allows an unauthenticated attacker to bypass authentication and gain full control of the device by exploiting a vulnerability in the authentication mechanism...