CVE-2019-13467
https://notcve.org/view.php?id=CVE-2019-13467
Description: Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 applications are potentially vulnerable to man-in-the-middle attacks when the applications download resources from the Dashboard web service. This vulnerability may allow an attacker to substitute downloaded resources with arbitrary files.
https://support.wdc.com/downloads.aspx?g=907&lang=en
https://www.westerndigital.com/support/productsecurity/wdc-19009-sandisk-and-western-digital-ssd-dashboard-vulnerabilities
CVE-2019-13466
https://notcve.org/view.php?id=CVE-2019-13466
Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 have Incorrect Access Control. The "generate reports" archive is protected with a hard-coded password. An application update that addresses the protection of archive encryption is available.
https://support.wdc.com/downloads.aspx?g=907&lang=en
https://www.westerndigital.com/support/productsecurity/wdc-19009-sandisk-and-western-digital-ssd-dashboard-vulnerabilities
CWE-798: Use of Hard-coded Credentials
CVE-2019-16399 – Western Digital My Book World II NAS 1.02.12 - Authentication Bypass / Command Execution
https://notcve.org/view.php?id=CVE-2019-16399
Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to access the /admin/ directory without credentials. An attacker can easily enable SSH from /admin/system_advanced.php?lang=en and login with the default root password welc0me.
https://www.exploit-db.com/exploits/47399
http://packetstormsecurity.com/files/154524/Western-Digital-My-Book-World-II-NAS-1.02.12-Hardcoded-Credential.html
https://gist.github.com/pak0s/22ad6bae26198ebcd137b61adb6fcfe6
CWE-798: Use of Hard-coded Credentials
CVE-2018-18472
https://notcve.org/view.php?id=CVE-2018-18472
Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device, as exploited in the wild in June 2021 for factory reset commands.
https://community.wd.com/t/action-required-on-my-book-live-and-my-book-live-duo/268147
https://www.westerndigital.com/support/productsecurity/wdc-21008-recommended-security-measures-wd-mybooklive-wd-mybookliveduo
https://www.wizcase.com/blog/hack-2018
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-9949
https://notcve.org/view.php?id=CVE-2019-9949
Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution (as root, starting from a low-privilege user session) vulnerability. The cgi-bin/webfile_mgr.cgi file allows arbitrary file write by abusing symlinks. Specifically, this occurs by uploading a tar archive that contains a symbolic link, then uploading another archive that writes a file to the link using the "cgi_untar" command. Other commands might also be susceptible. Code can be executed because the "name" parameter passed to the cgi_unzip command is not sanitized.
https://bnbdr.github.io/posts/wd
https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-183-05-20-2019/237717
https://github.com/bnbdr/wd-rce
CWE-59: Improper Link Resolution Before File Access ('Link Following')