NotCVE - vendor:"Western Digital" product:"Mycloud Nas" version:"2.11.142"

2 results (0.005 seconds)

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1

CVE-2016-10107

https://notcve.org/view.php?id=CVE-2016-10107

Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header. Inyección de comandos remotos no autenticados como root ocurre en la página index.php de Western Digital MyCloud NAS 2.11.142 a través de una cabecera Cookie modificada. • http://www.securityfocus.com/bid/95201 https://www.stevencampbell.info/2016/12/command-injection-in-western-digital-mycloud-nas • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 10.0EPSS: 85%CPEs: 1EXPL: 2

CVE-2016-10108 – Western Digital MyCloud unauthenticated command injection

https://notcve.org/view.php?id=CVE-2016-10108

Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data. Inyección de comandos remotos no autenticados como root ocurre en la URL /web/google_analytics.php de Western Digital MyCloud NAS 2.11.142 a través de un parámetro arg modificado en el dato POST. • http://packetstormsecurity.com/files/173802/Western-Digital-MyCloud-Unauthenticated-Command-Injection.html http://www.securityfocus.com/bid/95200 https://www.stevencampbell.info/2016/12/command-injection-in-western-digital-mycloud-nas https://www.securify.nl/advisory/authentication-bypass-vulnerability-in-western-digital-my-cloud-allows-escalation-to-admin-privileges https://web.archive.org/web/20170315123948/https://www.stevencampbell.info/2016/12/command-injection-in-western-digital-mycloud-nas https://raw.githubusercontent • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •