OS command injection in WD My Cloud - CVE-2016-10107
Published: January 3, 2017
WD My Cloud
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary OS commands on a vulnerable device.
The vulnerability exists due to insufficient sanitization of the user-supplied "Cookie" header in the /index.php script. A remote attacker can send a specially crafted HTTP request containing a malicious "Cookie" header and execute arbitrary OS commands with root privileges.
Successful exploitation of the vulnerability will result in full compromise of the vulnerable device.
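For detection, the following added example (not part of the advisory and not vendor code) flags requests to /index.php whose "Cookie" header carries shell metacharacters, including percent-encoded ones. The advisory does not name the affected cookie, so every pair is checked; the cookie names, the host, the metacharacter set and the sample requests are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Characters with special meaning to a POSIX shell (assumed deny-list, heuristic only).
SHELL_META = re.compile(r"[`$|&;<>(){}\\\n\r]")

def parse_request(raw):
    """Split a raw HTTP request into (path without query, list of Cookie header values)."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    path = parts[1].split("?", 1)[0] if len(parts) >= 2 else ""
    cookies = [l.split(":", 1)[1].strip() for l in lines[1:]
               if l.lower().startswith("cookie:")]
    return path, cookies

def suspicious_cookie_pairs(cookie_header):
    """Return cookie pairs that are malformed or carry shell metacharacters."""
    hits = []
    for pair in cookie_header.split(";"):
        pair = pair.strip()
        if not pair:
            continue
        name, sep, value = pair.partition("=")
        decoded = unquote(value)  # catch %60, %24, %3B and similar encodings
        # A fragment without "=" usually means a ";" was smuggled into a value.
        if not sep or SHELL_META.search(decoded):
            hits.append(pair)
    return hits

def check_request(raw, target="/index.php"):
    """Return the suspicious cookie pairs of a request aimed at the target script."""
    path, cookies = parse_request(raw)
    if path != target:
        return []
    return [p for c in cookies for p in suspicious_cookie_pairs(c)]

# Constructed sample requests (hypothetical cookie names and host).
def _req(path, cookie):
    return f"GET {path} HTTP/1.1\r\nHost: nas.example\r\nCookie: {cookie}\r\n\r\n"

BENIGN = _req("/index.php", "lang=en; session=3f9a1c")
SUBSTITUTION = _req("/index.php?x=1", "lang=en; session=abc$(id)")
ENCODED = _req("/index.php", "session=abc%60id%60")
SMUGGLED = _req("/index.php", "session=abc;id")
OTHER_PATH = _req("/login.php", "session=abc$(id)")

if __name__ == "__main__":
    for r in (BENIGN, SUBSTITUTION, ENCODED, SMUGGLED, OTHER_PATH):
        print(check_request(r))
```

A hit is a lead for triage, not proof of exploitation: a legitimate cookie value can contain some of these characters, so tune the set against normal traffic for the device.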