CVSS: 6.3EPSS: 0%CPEs: 118EXPL: 0CVE-2019-10706
https://notcve.org/view.php?id=CVE-2019-10706
10 Mar 2020 — Western Digital SanDisk SanDisk X300, X300s, X400, and X600 devices: The firmware update authentication method relies on a symmetric HMAC digest. The key used to validate this digest is present in a protected area of the device, and if extracted could be used to install arbitrary firmware to other devices. Los dispositivos Western Digital SanDisk X300, X300s, X400 y X600: El método de autenticación de la actualización de firmware se basa en un resumen simétrico de HMAC. La clave utilizada para comprobar est... • https://support.wdc.com/cat_products.aspx?ID=6&lang=en • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.5EPSS: 0%CPEs: 118EXPL: 0CVE-2019-11686
https://notcve.org/view.php?id=CVE-2019-11686
10 Mar 2020 — Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnerability in the wear-leveling algorithm of the drive may cause cryptographically sensitive parameters (such as data encryption keys) to remain on the drive media after their intended erasure. Los dispositivos Western Digital SanDisk X300, X300s, X400 y X600: Una vulnerabilidad en el algoritmo wear-leveling de la unidad puede causar que los parámetros sensibles criptográficamente (como las claves de cifrado de datos) permanezcan en el medio ... • https://support.wdc.com/downloads.aspx?g=907&lang=en • CWE-522: Insufficiently Protected Credentials •