PT-2019-15721 · Western Digital · Western Digital My Cloud Ex2 Ultra

Delspon

Publicado

2019-11-13

Atualizado

2019-11-15

CVE-2019-18929

CVSS v2.0

9.0

Alta

Vetor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Western Digital My Cloud EX2 Ultra firmware version 2.31.183

Description The issue allows remote execution of arbitrary code via a stack-based buffer overflow in the download mgr.cgi. This can be exploited by web users, including those with guest accounts.

Recommendations For Western Digital My Cloud EX2 Ultra firmware version 2.31.183, consider disabling access to the download mgr.cgi until a patch is available. Restrict access to guest accounts to minimize the risk of exploitation.

Exploit

Correção

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

CVE-2019-18929

Produtos afetados

Western Digital My Cloud Ex2 Ultra

PT-2019-15721 · Western Digital · Western Digital My Cloud Ex2 Ultra

CVE-2019-18929

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4