18 matches found
Western Digital MyCloud PR4100 ddns-start Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP responses provided to the ddns-start...
(Pwn2Own) Western Digital MyCloud PR4100 RESTSDK Uncontrolled Resource Consumption Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Western Digital MyCloud PR4100 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RESTSDK server. The issue results from...
(Pwn2Own) Western Digital MyCloud PR4100 RESTSDK Server-Side Request Forgery Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RESTSDK server. The issue results from the lack...
Western Digital MyCloud PR4100 Logger Class Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of the Western Digital MyCloud PR4100 NAS device. Authentication is required to exploit this vulnerability. The specific flaw exists within the Logger class. The issue results from the lack of...
Western Digital MyCloud unauthenticated command injection
This module exploits authentication bypass CVE-2018-17153 and command injection CVE-2016-10108 vulnerabilities in Western Digital MyCloud before 2.30.196 in order to achieve unauthenticated remote code execution as the root user. The module first performs a check to see if the target is WD MyClou...
Western Digital MyCloud Unauthenticated Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Western Digital MyCloud unauthenticated command injection', 'Description' = %q This module exploits authentication bypass CVE-2018-17153 and...
(Pwn2Own) Western Digital MyCloud PR4100 nasAdmin Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Western Digital MyCloud PR4100. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nasAdmin service, which listens on TCP ports 80 and 443 by...
(Pwn2Own) Western Digital MyCloud PR4100 samba Configuration Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the samba service. A crafted request can...
(Pwn2Own) Western Digital MyCloud PR4100 cloudAccess Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Western Digital MyCloud PR4100 Link Resolution Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Western Digital MyCloud PR4100. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SMB and AFP services. By creating a symbolic link, an attacke...
(Pwn2Own) Western Digital MyCloud PR4100 nasAdmin Incorrect Authorization Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Western Digital MyCloud PR4100. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nasAdmin service, which listens on TCP port 80 and 443 by...
(Pwn2Own) Western Digital MyCloud PR4100 nasAdmin Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Western Digital MyCloud PR4100. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Western Digital MyCloud - 'multi_uploadify' File Upload (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HEAD', :uri = '/web/', :pattern = /Apache/ include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper def initializeinfo=...
CVE-2016-10108
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/googleanalytics.php URL via a modified arg parameter in the POST data...
CVE-2016-10107
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header...
Command injection
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header...
Command injection
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/googleanalytics.php URL via a modified arg parameter in the POST data...
PT-2016-3231 · Western Digital · Western Digital My Cloud
Name of the Vulnerable Software and Affected Versions: Western Digital MyCloud NAS version 2.11.142 Description: The issue is related to unauthenticated remote command injection as root in the Western Digital MyCloud NAS. This occurs via a modified arg parameter in the POST data to the "/web/goog...