PT-2013-5328 · Western Digital · Western Digital My Net N600+2
Published
2013-07-31
·
Updated
2020-02-24
·
CVE-2013-5006
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Western Digital My Net N600 versions 1.03.12 through 1.04.16
Western Digital My Net N750 versions 1.03.12 through 1.04.16
Western Digital My Net N900 versions 1.05.12 through 1.06.28
Western Digital My Net N900C versions 1.05.12 through 1.06.28
Description
The issue allows remote attackers to discover the cleartext administrative password by reading the
var pass= line within the HTML source code of the main internet.php file.Recommendations
For Western Digital My Net N600 versions 1.03.12 through 1.04.16, update the firmware to a version that is not affected by this issue.
For Western Digital My Net N750 versions 1.03.12 through 1.04.16, update the firmware to a version that is not affected by this issue.
For Western Digital My Net N900 versions 1.05.12 through 1.06.28, update the firmware to a version that is not affected by this issue.
For Western Digital My Net N900C versions 1.05.12 through 1.06.28, update the firmware to a version that is not affected by this issue.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Western Digital My Net N600
Western Digital My Net N750
Western Digital My Net N900