PT-2021-20077 · Western Digital · Western Digital Edgerover

Published: 2021-06-11 · Updated: 2022-07-12 · CVE-2021-33205

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Western Digital EdgeRover versions prior to 0.25

Description

The issue allows a low-privileged user to load malicious content into directories with higher privileges due to the usage of Node.js. This enables an attacker to gain admin privileges and perform malicious activities, such as creating a fake library and stealing user credentials.

Recommendations

For Western Digital EdgeRover versions prior to 0.25, update to version 0.25 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive directories and limiting the privileges of low-privileged users to minimize the risk of exploitation.


Related Identifiers

CVE-2021-33205

Affected Products

Western Digital Edgerover