
CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

The WD My Cloud (aka com.wdc.wd2go) application 4.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
• http://www.kb.cert.org/vuls/id/582497 http://www.kb.cert.org/vuls/id/633273 https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing
• CWE-310: Cryptographic Issues

CVSS: 7.5 | EPSS: 8% | CPEs: 1 | EXPL: 2

Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin. WD Arkeia Virtual Appliance versions 7.0.3 up to 10.2.8 suffer from directory traversal and remote command execution vulnerabilities.
• https://www.exploit-db.com/exploits/33005 http://seclists.org/fulldisclosure/2014/Apr/257 http://wiki.arkeia.com/index.php/Path_Traversal_Remote_Code_Execution http://www.securityfocus.com/archive/1/531910/100/0/threaded
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 4.3 | EPSS: 5% | CPEs: 3 | EXPL: 1

main_internet.php on the Western Digital My Net N600 and N750 with firmware 1.03.12 and 1.04.16, and the N900 and N900C with firmware 1.05.12, 1.06.18, and 1.06.28, allows remote attackers to discover the cleartext administrative password by reading the "var pass=" line within the HTML source code.
• https://www.exploit-db.com/exploits/27288 http://archives.neohapsis.com/archives/bugtraq/2013-07/0133.html http://archives.neohapsis.com/archives/bugtraq/2013-07/0146.html http://www.osvdb.org/95519 https://exchange.xforce.ibmcloud.com/vulnerabilities/85903
• CWE-255: Credentials Management Errors