[ale] [Fwd: [FD] Western Digital My Cloud vulnerable to multiple command injection vulnerabilities]
Joey Kelly
joey at joeykelly.net
Tue Mar 7 10:28:22 EST 2017
Sigh...
---------------------------- Original Message ----------------------------
Subject: [FD] Western Digital My Cloud vulnerable to multiple command
injection vulnerabilities
From: "Securify B.V." <lists at securify.nl>
Date: Tue, March 7, 2017 9:41 am
To: fulldisclosure at seclists.org
--------------------------------------------------------------------------
------------------------------------------------------------------------
Western Digital My Cloud vulnerable to multiple command injection
vulnerabilities
------------------------------------------------------------------------
Remco Vermeulen, January 2017
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was discovered that the Western Digital My Cloud is affected by
multiple command injection vulnerabilities. Some of these issues don't
require authentication and allow an attacker to gain complete control
(root access) of the affected device. Some do require authentication, in
this case an attacker can use Cross-Site Request Forgery (CSRF, see
advisory SFY20170104) or authentication bypass (see advisory
SFY20170102) and still gain complete control of the vulnerable Western
Digital device.
------------------------------------------------------------------------
See also
------------------------------------------------------------------------
-
https://security.szurek.pl/wd-my-cloud-mirror-211153-rce-and-authentication-bypass.html
- https://blog.exploitee.rs/2017/hacking_wd_mycloud/
- https://www.exploitee.rs/index.php/Western_Digital_MyCloud
-
https://securify.nl/advisory/SFY20170102/authentication_bypass_vulnerability_in_western_digital_my_cloud.html
-
https://securify.nl/advisory/SFY20170104/western_digital_my_cloud_vulnerable_to_cross_site_request_forgery_vulnerability.html
------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
These vulnerabilities were successfully verified on a Western Digital My
Cloud model WDBCTL0020HWT running firmware versions 2.21.119 and
2.21.126. These issues aren't limited to the model that was used to find
these vulnerabilities since most of the products in the My Cloud series
share the same (vulnerable) code.
------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
There is currently no fix available.
------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://www.securify.nl/advisory/SFY20170103/western_digital_my_cloud_vulnerable_to_multiple_command_injection_vulnerabilities.html
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
--
Joey Kelly
Minister of the Gospel and Linux Consultant
http://joeykelly.net
504-239-6550
More information about the Ale
mailing list