Lucene search
K

18 matches found

Zero Day Initiative
Zero Day Initiative
added 2024/09/26 12:0 a.m.7 views

Western Digital MyCloud PR4100 ddns-start Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP responses provided to the ddns-start...

7.5CVSS7.2AI score0.00468EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/02/06 12:0 a.m.21 views

(Pwn2Own) Western Digital MyCloud PR4100 RESTSDK Uncontrolled Resource Consumption Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Western Digital MyCloud PR4100 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RESTSDK server. The issue results from...

5.3CVSS6.9AI score0.00822EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/02/06 12:0 a.m.28 views

(Pwn2Own) Western Digital MyCloud PR4100 RESTSDK Server-Side Request Forgery Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RESTSDK server. The issue results from the lack...

6.3CVSS7.2AI score0.00241EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2023/08/09 12:0 a.m.16 views

Western Digital MyCloud PR4100 Logger Class Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of the Western Digital MyCloud PR4100 NAS device. Authentication is required to exploit this vulnerability. The specific flaw exists within the Logger class. The issue results from the lack of...

8CVSS7.3AI score
Exploits0
Metasploit
Metasploit
added 2023/07/28 7:50 p.m.479 views

Western Digital MyCloud unauthenticated command injection

This module exploits authentication bypass CVE-2018-17153 and command injection CVE-2016-10108 vulnerabilities in Western Digital MyCloud before 2.30.196 in order to achieve unauthenticated remote code execution as the root user. The module first performs a check to see if the target is WD MyClou...

10CVSS8.9AI score0.95174EPSS
Exploits7
Packet Storm
Packet Storm
added 2023/07/28 12:0 a.m.346 views

Western Digital MyCloud Unauthenticated Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Western Digital MyCloud unauthenticated command injection', 'Description' = %q This module exploits authentication bypass CVE-2018-17153 and...

10CVSS7.1AI score0.95174EPSS
Exploits7
Zero Day Initiative
Zero Day Initiative
added 2022/02/15 12:0 a.m.30 views

(Pwn2Own) Western Digital MyCloud PR4100 nasAdmin Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Western Digital MyCloud PR4100. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nasAdmin service, which listens on TCP ports 80 and 443 by...

6.3CVSS1.8AI score0.02124EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2022/02/15 12:0 a.m.21 views

(Pwn2Own) Western Digital MyCloud PR4100 samba Configuration Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the samba service. A crafted request can...

8.8CVSS3.5AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2022/01/17 12:0 a.m.20 views

(Pwn2Own) Western Digital MyCloud PR4100 cloudAccess Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

8CVSS2.6AI score0.02309EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2021/03/11 12:0 a.m.28 views

Western Digital MyCloud PR4100 Link Resolution Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Western Digital MyCloud PR4100. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SMB and AFP services. By creating a symbolic link, an attacke...

7.5CVSS1.6AI score0.01008EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/12/16 12:0 a.m.46 views

(Pwn2Own) Western Digital MyCloud PR4100 nasAdmin Incorrect Authorization Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Western Digital MyCloud PR4100. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nasAdmin service, which listens on TCP port 80 and 443 by...

2.3AI score0.03897EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/12/15 12:0 a.m.32 views

(Pwn2Own) Western Digital MyCloud PR4100 nasAdmin Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Western Digital MyCloud PR4100. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

5.4CVSS2.1AI score0.03897EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2017/12/18 12:0 a.m.69 views

Western Digital MyCloud - 'multi_uploadify' File Upload (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HEAD', :uri = '/web/', :pattern = /Apache/ include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper def initializeinfo=...

10CVSS7.4AI score0.73404EPSS
Exploits6
NVD
NVD
added 2017/01/03 6:59 a.m.23 views

CVE-2016-10108

Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/googleanalytics.php URL via a modified arg parameter in the POST data...

10CVSS9.6AI score0.95174EPSS
Exploits4References3
NVD
NVD
added 2017/01/03 6:59 a.m.24 views

CVE-2016-10107

Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header...

10CVSS9.7AI score0.11225EPSS
Exploits1References2
Prion
Prion
added 2017/01/03 6:59 a.m.21 views

Command injection

Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header...

10CVSS7.5AI score0.11225EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2017/01/03 6:59 a.m.20 views

Command injection

Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/googleanalytics.php URL via a modified arg parameter in the POST data...

10CVSS7.4AI score0.95174EPSS
Exploits4References3Affected Software1
Positive Technologies
Positive Technologies
added 2016/12/29 12:0 a.m.3 views

PT-2016-3231 · Western Digital · Western Digital My Cloud

Name of the Vulnerable Software and Affected Versions: Western Digital MyCloud NAS version 2.11.142 Description: The issue is related to unauthenticated remote command injection as root in the Western Digital MyCloud NAS. This occurs via a modified arg parameter in the POST data to the "/web/goog...

10CVSS9.5AI score0.95174EPSS
Exploits4References7
Rows per page
Query Builder