CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22988 – Insecure file and directory permissions on EdgeRover
https://notcve.org/view.php?id=CVE-2022-22988
File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources. It would be more difficult for an authenticated attacker to now traverse through the files and directories. This can only be exploited once an attacker has already found a way to get authenticated access to the device. Se han corregido los permisos de archivos y directorios para evitar que usuarios no deseados modifiquen o accedan a los recursos • https://www.westerndigital.com/support/product-security/wdc-22003-edgerover-desktop-app-version-1-5-0-576 • CWE-275: Permission Issues CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33205
https://notcve.org/view.php?id=CVE-2021-33205
Western Digital EdgeRover before 0.25 has an escalation of privileges vulnerability where a low privileged user could load malicious content into directories with higher privileges, because of how Node.js is used. An attacker can gain admin privileges and carry out malicious activities such as creating a fake library and stealing user credentials. Western Digital EdgeRover versiones anteriores a 0.25, presenta una vulnerabilidad de escalada de privilegios en la que un usuario poco privilegiado podría cargar contenido malicioso en directorios con privilegios más altos, debido a cómo Node.js es usado. Un atacante puede alcanzar privilegios de administrador y llevar a cabo actividades maliciosas como crear una biblioteca falsa y robar credenciales de usuario • https://www.westerndigital.com/support/productsecurity/wdc-21007-edgerover-windows-app-ver-0-25 •