Full Disclosure mailing list archives

Western Digital My Cloud vulnerable to multiple command injection vulnerabilities

From: "Securify B.V." <lists () securify nl>
Date: Tue, 7 Mar 2017 10:41:14 +0100

------------------------------------------------------------------------
Western Digital My Cloud vulnerable to multiple command injection
vulnerabilities
------------------------------------------------------------------------
Remco Vermeulen, January 2017

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was discovered that the Western Digital My Cloud is affected by
multiple command injection vulnerabilities. Some of these issues don't
require authentication and allow an attacker to gain complete control
(root access) of the affected device. Some do require authentication, in
this case an attacker can use Cross-Site Request Forgery (CSRF, see
advisory SFY20170104) or authentication bypass (see advisory
SFY20170102) and still gain complete control of the vulnerable Western
Digital device.

------------------------------------------------------------------------
See also
------------------------------------------------------------------------

-https://security.szurek.pl/wd-my-cloud-mirror-211153-rce-and-authentication-bypass.html

- https://blog.exploitee.rs/2017/hacking_wd_mycloud/
- https://www.exploitee.rs/index.php/Western_Digital_MyCloud

-https://securify.nl/advisory/SFY20170102/authentication_bypass_vulnerability_in_western_digital_my_cloud.html-https://securify.nl/advisory/SFY20170104/western_digital_my_cloud_vulnerable_to_cross_site_request_forgery_vulnerability.html


------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
These vulnerabilities were successfully verified on a Western Digital My
Cloud model WDBCTL0020HWT running firmware versions 2.21.119 and
2.21.126. These issues aren't limited to the model that was used to find
these vulnerabilities since most of the products in the My Cloud series
share the same (vulnerable) code.

------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
There is currently no fix available.

------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://www.securify.nl/advisory/SFY20170103/western_digital_my_cloud_vulnerable_to_multiple_command_injection_vulnerabilities.html


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Current thread:

Western Digital My Cloud vulnerable to multiple command injection vulnerabilities Securify B.V. (Mar 07)