
CVE-2019-9949

Severity Score: 8.8 (CVSS v3)
Exploit Likelihood (EPSS): -
Affected Versions (CPE): firmware < 2.31.183 (see the affected-products table below)
Public Exploits: 2 (multiple sources)
Exploited in Wild (KEV): -
Decision (SSVC): -
Description

Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution (as root, starting from a low-privilege user session) vulnerability. The cgi-bin/webfile_mgr.cgi file allows arbitrary file write by abusing symlinks. Specifically, this occurs by uploading a tar archive that contains a symbolic link, then uploading another archive that writes a file to the link using the "cgi_untar" command. Other commands might also be susceptible. Code can be executed because the "name" parameter passed to the cgi_unzip command is not sanitized.
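The description above says the CGI's untar accepts a symbolic link from one upload and then writes a later upload's file through it (CWE-59, link following). The following is an added example, not code from the firmware, from Western Digital or from this page: it replays that two-archive sequence locally with Python's tarfile against a naive extractor, and beside it an extractor that rejects traversal, out-of-tree links and writes through an existing link. The member names, the temporary-directory layout and the file contents are constructed for the demonstration, and nothing here talks to a device.

```python
# Added example (not code from the WD firmware or from this advisory page):
# a constructed, local reproduction of the archive link-following pattern the
# description attributes to cgi_untar, beside an extractor that refuses it.
import io
import os
import shutil
import tarfile
import tempfile


def build_symlink_archive(link_name, link_target):
    """Upload 1: a tar whose only member is a symlink link_name -> link_target."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        ti = tarfile.TarInfo(link_name)
        ti.type = tarfile.SYMTYPE
        ti.linkname = link_target
        tar.addfile(ti)
    return buf.getvalue()


def build_file_archive(name, data):
    """Upload 2: a tar with a regular file whose name collides with the link."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        ti = tarfile.TarInfo(name)
        ti.size = len(data)
        tar.addfile(ti, io.BytesIO(data))
    return buf.getvalue()


def unsafe_extract(archive_bytes, dest):
    """Naive untar: trusts member names and link targets, as the description says the CGI does."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes)) as tar:
        try:
            tar.extractall(dest, filter="fully_trusted")  # Python >= 3.12 (and backports)
        except TypeError:
            tar.extractall(dest)  # older tarfile: no filter argument, same trusting behaviour


def _inside(dest_real, path):
    """True if path, with every on-disk symlink resolved, stays under dest_real."""
    return os.path.commonpath([dest_real, os.path.realpath(path)]) == dest_real


def safe_extract(archive_bytes, dest):
    """Untar that rejects traversal, links leaving dest, and writes through existing links."""
    dest_real = os.path.realpath(dest)
    with tarfile.open(fileobj=io.BytesIO(archive_bytes)) as tar:
        for m in tar:
            target = os.path.join(dest, m.name)
            # realpath() follows any symlink already on disk, including one a
            # previous upload planted, so a link that escapes dest is caught here.
            if not _inside(dest_real, target):
                raise ValueError(f"{m.name!r} resolves outside {dest}")
            if m.isdir():
                os.makedirs(target, exist_ok=True)
            elif m.issym():
                link_abs = os.path.join(os.path.dirname(target), m.linkname)
                if not _inside(dest_real, link_abs):
                    raise ValueError(f"symlink {m.name!r} -> {m.linkname!r} leaves {dest}")
                os.symlink(m.linkname, target)
            elif m.isreg():
                if os.path.islink(target):
                    raise ValueError(f"refusing to write through existing link {m.name!r}")
                os.makedirs(os.path.dirname(target), exist_ok=True)
                # O_NOFOLLOW closes the race between the islink() check and the open.
                flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
                with os.fdopen(os.open(target, flags, 0o644), "wb") as out, tar.extractfile(m) as src:
                    shutil.copyfileobj(src, out)
            else:
                raise ValueError(f"unsupported member type for {m.name!r}")  # hard links, devices, ...


def demo():
    """Replay the two-upload sequence against both extractors in a temp tree.
    Returns (victim content after the naive untar, after the checked untar, rejection message)."""
    with tempfile.TemporaryDirectory() as root:
        victim = os.path.join(root, "outside.txt")  # stands in for a file the uploader may not touch
        archives = [
            build_symlink_archive("payload.txt", victim),               # upload 1: plant the link
            build_file_archive("payload.txt", b"attacker-controlled"),  # upload 2: write through it
        ]
        results, rejection = [], None
        for extractor in (unsafe_extract, safe_extract):
            with open(victim, "w") as f:
                f.write("original")
            upload_dir = os.path.join(root, extractor.__name__)
            os.makedirs(upload_dir)
            try:
                for archive in archives:
                    extractor(archive, upload_dir)
            except ValueError as exc:
                rejection = str(exc)
            with open(victim) as f:
                results.append(f.read())
    return results[0], results[1], rejection


if __name__ == "__main__":
    print(demo())  # ('attacker-controlled', 'original', "symlink 'payload.txt' -> ... leaves ...")
```

The naive path returns the overwritten content, while the checked path leaves the file untouched and reports which member it refused. The realpath() comparison is the part that matters: it is evaluated against what is on disk at extraction time, so a link planted by an earlier upload is caught even though the second archive contains only a plain file.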


Credits: N/A
CVSS Scores

CVSS v3 (base score 8.8): AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality / Integrity / Availability: High / High / High

CVSS v2: AV:N/AC:L/Au:S/C:C/I:C/A:C
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: Single
  • Confidentiality / Integrity / Availability: Complete / Complete / Complete

* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2019-03-23 CVE Reserved
  • 2019-05-23 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • 2024-10-13 EPSS Updated
  • Exploited in Wild: -
  • KEV Due Date: -
CWE
  • CWE-59: Improper Link Resolution Before File Access ('Link Following')
CAPEC
Affected Vendors, Products, and Versions

Each firmware entry is the affected CPE; the indented line beneath it is the hardware platform the firmware runs in, as listed on the page.

Vendor          Product                        Version     Other  Status
Westerndigital  My Cloud Firmware              < 2.31.183  -      Affected
    in: Westerndigital My Cloud, version --, status Safe
Westerndigital  My Cloud Mirror Gen2 Firmware  < 2.31.183  -      Affected
    in: Westerndigital My Cloud Mirror Gen2, version --, status Safe
Westerndigital  My Cloud Ex2 Ultra Firmware    < 2.31.183  -      Affected
    in: Westerndigital My Cloud Ex2 Ultra, version --, status Safe
Westerndigital  My Cloud Ex2100 Firmware       < 2.31.183  -      Affected
    in: Westerndigital My Cloud Ex2100, version --, status Safe
Westerndigital  My Cloud Ex4100 Firmware       < 2.31.183  -      Affected
    in: Westerndigital My Cloud Ex4100, version --, status Safe
Westerndigital  My Cloud Dl2100 Firmware       < 2.31.183  -      Affected
    in: Westerndigital My Cloud Dl2100, version --, status Safe
Westerndigital  My Cloud Dl4100 Firmware       < 2.31.183  -      Affected
    in: Westerndigital My Cloud Dl4100, version --, status Safe
Westerndigital  My Cloud Pr2100 Firmware       < 2.31.183  -      Affected
    in: Westerndigital My Cloud Pr2100, version --, status Safe
Westerndigital  My Cloud Pr4100 Firmware       < 2.31.183  -      Affected
    in: Westerndigital My Cloud Pr4100, version --, status Safe