CVE-2019-18930

Name of the Vulnerable Software and Affected Versions Western Digital My Cloud EX2 Ultra firmware version 2.31.183

Description The issue allows remote execution of arbitrary code via a stack-based buffer overflow. This is possible due to the lack of size verification logic in one of the functions in libscheddl.so. The download mgr.cgi endpoint makes it possible to enter large-sized f idx inputs, which can be exploited.

Recommendations For Western Digital My Cloud EX2 Ultra firmware version 2.31.183, consider disabling the download mgr.cgi endpoint until a patch is available to prevent exploitation. Additionally, restricting access to the libscheddl.so library may help minimize the risk.