Описание
Western Digital WD My Book Live (all versions) has a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device.
Western Digital WD My Book Live (all versions) has a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2018-18472
- https://community.wd.com/t/action-required-on-my-book-live-and-my-book-live-duo/268147
- https://www.wdc.com
- https://www.westerndigital.com/support/productsecurity/wdc-21008-recommended-security-measures-wd-mybooklive-wd-mybookliveduo
- https://www.wizcase.com/blog/hack-2018
Связанные уязвимости
Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device, as exploited in the wild in June 2021 for factory reset commands,
Уязвимость микропрограммного обеспечения дисковых хранилищ Western Digital WD My Book Live и WD My Book Live Duo, существующая из-за непринятия мер по нейтрализации специальных элементов, используемых в команде операционной системы, позволяющая нарушителю выполнить произвольные команды