Описание
Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest account) to remotely execute arbitrary code via a stack-based buffer overflow. There is no size verification logic in one of functions in libscheddl.so, and download_mgr.cgi makes it possible to enter large-sized f_idx inputs.
Ссылки
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:western_digital:my_cloud_ex2_ultra_firmware:2.31.183:*:*:*:*:*:*:*
cpe:2.3:h:western_digital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*
EPSS
Процентиль: 73%
0.00782
Низкий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-787
Связанные уязвимости
github
больше 3 лет назад
Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest account) to remotely execute arbitrary code via a stack-based buffer overflow. There is no size verification logic in one of functions in libscheddl.so, and download_mgr.cgi makes it possible to enter large-sized f_idx inputs.
EPSS
Процентиль: 73%
0.00782
Низкий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-787