Remote code execution in Western Digital My Cloud PR4100



Published: 2021-07-05
Risk High
Patch available YES
Number of vulnerabilities 1
CVE-ID N/A
CWE-ID CWE-306
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
My Cloud PR4100
Hardware solutions / Other hardware appliances

Vendor Western Digital

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Missing authentication for critical function

EUVDB-ID: #VU54524

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-306 - Missing Authentication for Critical Function

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to an error in the configuration when accessing the management API along with an empty password for the "nobody" user account. A remote non-authenticated attacker can login  under the "nobody" user account with an empty password to the administrative interface and upload an arbitrary OS image onto the device.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.

Mitigation

Upgrade your firmware to My Cloud OS 5.

Vulnerable software versions

My Cloud PR4100: 2.20.202 - 2.41.116

External links

http://www.youtube.com/watch?v=vsg9YgvGBec


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###