CVE-2019-10706
https://notcve.org/view.php?id=CVE-2019-10706
Western Digital SanDisk SanDisk X300, X300s, X400, and X600 devices: The firmware update authentication method relies on a symmetric HMAC digest. The key used to validate this digest is present in a protected area of the device, and if extracted could be used to install arbitrary firmware to other devices. Los dispositivos Western Digital SanDisk X300, X300s, X400 y X600: El método de autenticación de la actualización de firmware se basa en un resumen simétrico de HMAC. La clave utilizada para comprobar este resumen está presente en un área protegida del dispositivo y, si es extraída, podría ser usada para instalar un firmware arbitrario en otros dispositivos. • https://support.wdc.com/cat_products.aspx?ID=6&lang=en https://www.westerndigital.com/support/productsecurity/wdc-19006-sandisk-x600-sata-ssd https://www.westerndigital.com/support/productsecurity/wdc-19007-sandisk-x300-x400-sata-ssd • CWE-522: Insufficiently Protected Credentials •
CVE-2019-11686
https://notcve.org/view.php?id=CVE-2019-11686
Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnerability in the wear-leveling algorithm of the drive may cause cryptographically sensitive parameters (such as data encryption keys) to remain on the drive media after their intended erasure. Los dispositivos Western Digital SanDisk X300, X300s, X400 y X600: Una vulnerabilidad en el algoritmo wear-leveling de la unidad puede causar que los parámetros sensibles criptográficamente (como las claves de cifrado de datos) permanezcan en el medio de la unidad después de su borrado previsto. • https://support.wdc.com/downloads.aspx?g=907&lang=en https://www.westerndigital.com/support/productsecurity/wdc-19006-sandisk-x600-sata-ssd https://www.westerndigital.com/support/productsecurity/wdc-19007-sandisk-x300-x400-sata-s • CWE-522: Insufficiently Protected Credentials •