Delspon

**Name of the Vulnerable Software and Affected Versions** Western Digital My Cloud EX2 Ultra firmware version 2.31.183 **Description** The issue allows remote execution of arbitrary code via a stack-based buffer overflow in the download mgr.cgi. This can be exploited by web users, including those with guest accounts. **Recommendations** For Western Digital My Cloud EX2 Ultra firmware version 2.31.183, consider disabling access to the download mgr.cgi until a patch is available. Restrict access to guest accounts to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Western Digital My Cloud EX2 Ultra firmware version 2.31.183 **Description** The issue allows remote execution of arbitrary code via a stack-based buffer overflow. This is possible due to the lack of size verification logic in one of the functions in libscheddl.so. The download mgr.cgi endpoint makes it possible to enter large-sized `f idx` inputs, which can be exploited. **Recommendations** For Western Digital My Cloud EX2 Ultra firmware version 2.31.183, consider disabling the download mgr.cgi endpoint until a patch is available to prevent exploitation. Additionally, restricting access to the libscheddl.so library may help minimize the risk.