CVE-2018-18472
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device, as exploited in the wild in June 2021 for factory reset commands,
Western Digital WD My Book Live y WD My Book Live Duo (todas las versiones) tienen un fallo de ejecución remota de comandos a través de metacaracteres de shell en el parámetro de idioma /api/1.0/rest/language_configuration. Puede ser activado por cualquier persona que conozca la dirección IP del dispositivo afectado, como se explotó in the wild en junio de 2021 para los comandos de restablecimiento de fábrica,
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-10-18 CVE Reserved
- 2019-06-19 CVE Published
- 2024-06-12 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://community.wd.com/t/action-required-on-my-book-live-and-my-book-live-duo/268147 | X_refsource_misc | |
https://www.westerndigital.com/support/productsecurity/wdc-21008-recommended-security-measures-wd-mybooklive-wd-mybookliveduo | X_refsource_confirm | |
https://www.wizcase.com/blog/hack-2018 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Westerndigital Search vendor "Westerndigital" | My Book Live Firmware Search vendor "Westerndigital" for product "My Book Live Firmware" | * | - |
Affected
| in | Westerndigital Search vendor "Westerndigital" | My Book Live Search vendor "Westerndigital" for product "My Book Live" | - | - |
Safe
|