PT-2018-18328 · Western Digital · Mycloud App

Ji Rongwei

Published

2018-10-09

Updated

2020-02-24

CVE-2018-7928

CVSS v3.1

4.6

Medium

Vector

AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: MyCloud APP versions prior to 8.1.2.303

Description: The issue allows for Factory Reset Protection (FRP) bypass in the MyCloud APP. An attacker can exploit this to replace the old account with a new one by following specific steps during the re-configuration of the mobile phone using the FRP function, thus bypassing the FRP function.

Recommendations: For versions prior to 8.1.2.303, update to version 8.1.2.303 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2018-7928

Affected Products

Mycloud App

PT-2018-18328 · Western Digital · Mycloud App

CVE-2018-7928

Related Identifiers

Affected Products

References · 3