Описание
A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. Addressed this vulnerability by disabling checks for internet connectivity using HTTP.
Ссылки
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 5.19.117 (исключая)
Одновременно
cpe:2.3:o:westerndigital:my_cloud_os:*:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:westerndigital:my_cloud:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_mirror_gen_2:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:wd_cloud:-:*:*:*:*:*:*:*
EPSS
Процентиль: 25%
0.00084
Низкий
7.8 High
CVSS3
8.8 High
CVSS3
8.3 High
CVSS2
Дефекты
CWE-78
CWE-77
Связанные уязвимости
github
около 4 лет назад
A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. Addressed this vulnerability by disabling checks for internet connectivity using HTTP.
EPSS
Процентиль: 25%
0.00084
Низкий
7.8 High
CVSS3
8.8 High
CVSS3
8.3 High
CVSS2
Дефекты
CWE-78
CWE-77