exploitDog

GHSA-mc72-rv83-h28w

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory restore without authentication, as exploited in the wild in June 2021, a different vulnerability than CVE-2018-18472.

Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory restore without authentication, as exploited in the wild in June 2021, a different vulnerability than CVE-2018-18472.

Ссылки

EPSS

Процентиль: 88%

0.03795

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-287

Связанные уязвимости

CVE-2021-35941

CVSS3: 7.5

nvd

больше 4 лет назад

Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory restore without authentication, as exploited in the wild in June 2021, a different vulnerability than CVE-2018-18472.

BDU:2021-03535

CVSS3: 8.2

fstec

больше 4 лет назад

Уязвимость микропрограммного обеспечения дисковых хранилищ Western Digital WD My Book Live и WD My Book Live Duo, связанная с недостатками процедуры аутентификации, позволяющая нарушителю выполнить сброс устройства к заводским настройкам

EPSS

Процентиль: 88%

0.03795

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-287