CVE-2017-17560 – Western Digital MyCloud multi_uploadify File Upload Vulnerability

https://notcve.org/view.php?id=CVE-2017-17560

An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root. Se ha descubierto un error en los dispositivos Western Digital MyCloud PR4100 2.30.172. El componente de administración web, /web/jquery/uploader/multi_uploadify.php, proporciona una funcionalidad de subida multiparte accesible sin autenticación. • https://www.exploit-db.com/exploits/43356 https://download.exploitee.rs/file/generic/Exploiteers-DEFCON25.pdf https://github.com/rapid7/metasploit-framework/pull/9248 https://www.exploitee.rs/index.php/Western_Digital_MyCloud#.2Fjquery.2Fuploader.2Fmulti_uploadify.php_.28added_08.2F06.2F2017.29 https://www.youtube.com/watch?v=EO_49pfmA5A https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/wd_mycloud_multiupload_upload.rb • CWE-287: Improper Authentication •