PT-2013-5328 · Western Digital · Western Digital My Net N600+2

Publicado

2013-07-31

·

Atualizado

2020-02-24

·

CVE-2013-5006

CVSS v2.0

4.3

Média

VetorAV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Western Digital My Net N600 versions 1.03.12 through 1.04.16 Western Digital My Net N750 versions 1.03.12 through 1.04.16 Western Digital My Net N900 versions 1.05.12 through 1.06.28 Western Digital My Net N900C versions 1.05.12 through 1.06.28
Description The issue allows remote attackers to discover the cleartext administrative password by reading the var pass= line within the HTML source code of the main internet.php file.
Recommendations For Western Digital My Net N600 versions 1.03.12 through 1.04.16, update the firmware to a version that is not affected by this issue. For Western Digital My Net N750 versions 1.03.12 through 1.04.16, update the firmware to a version that is not affected by this issue. For Western Digital My Net N900 versions 1.05.12 through 1.06.28, update the firmware to a version that is not affected by this issue. For Western Digital My Net N900C versions 1.05.12 through 1.06.28, update the firmware to a version that is not affected by this issue.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-255

Identificadores relacionados

CVE-2013-5006

Produtos afetados

Western Digital My Net N600
Western Digital My Net N750
Western Digital My Net N900