CVE-2020-27159

Опубликовано: 27 окт. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114

Ссылки

https://www.comparitech.com/blog/information-security/security-vulnerabilities-80000-devices-update-now/
Exploit
Third Party Advisory
https://www.westerndigital.com/support/productsecurity
Vendor Advisory
https://www.westerndigital.com/support/productsecurity/wdc-20007-my-cloud-firmware-version-5-04-114
Vendor Advisory
https://www.comparitech.com/blog/information-security/security-vulnerabilities-80000-devices-update-now/
Exploit
Third Party Advisory
https://www.westerndigital.com/support/productsecurity
Vendor Advisory
https://www.westerndigital.com/support/productsecurity/wdc-20007-my-cloud-firmware-version-5-04-114
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:westerndigital:my_cloud_firmware:*:*:*:*:*:*:*:*

Версия до 5.04.114 (исключая)

Одно из

cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:my_cloud_expert_series_ex2:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:my_cloud_mirror_-_gen_2:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.08311

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-8vhp-mfqv-2pqj

github

больше 3 лет назад