PT-2020-16190 · Western Digital · Western Digital My Cloud

Abdulla Ismayilov

Published

2020-10-27

Updated

2021-12-01

CVE-2020-25765

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Western Digital My Cloud Devices versions prior to 5.4.1140

Description The issue is related to a remote code execution vulnerability due to insufficient validation of user input in the reg device.php file. This vulnerability can be exploited, potentially allowing unauthorized access and control.

Recommendations For versions prior to 5.4.1140, update to version 5.4.1140 or later to resolve the issue. As a temporary workaround, consider restricting access to the reg device.php file until a patch is applied. Avoid using the vulnerable reg device.php file in Western Digital My Cloud Devices until the issue is resolved.

Exploit

Fix

RCE

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-78

Related Identifiers

CVE-2020-25765

Affected Products

Western Digital My Cloud

PT-2020-16190 · Western Digital · Western Digital My Cloud

CVE-2020-25765

Weakness Enumeration

Related Identifiers

Affected Products

References · 8