
CVE-2018-18472

Published: 19/06/2019 Updated: 25/06/2021
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device, as exploited in the wild in June 2021 for factory reset commands,

Vulnerable Product

westerndigital my_book_live_firmware

Github Repositories

Miscellaneous notes

Notes Miscellaneous notes Contents List of MAC addresses by manufacturer List of Czech NTP servers Recovery mount of the filesystem from a WD MyBookLive 3TB stunnel - An article describing the implementation of the stunnel program, which provides a secure connection, i.e. an encrypted tunnel for strea

Recent Articles

Pull your Western Digital My Book Live NAS off the internet now if you value your files
The Register • Matthew Hughes • 25 Jun 2021

Storage giant fingers 'critical' bug allowing remote factory resets that wipe contents

Western Digital has alerted customers to a critical bug on its My Book Live storage drives, warning them to disconnect the devices from the internet to protect the units from being remotely wiped. In an advisory, the storage firm said My Book Live and My Book Live Duo devices were being "compromised through exploitation of a remote command execution vulnerability" CVE-2018-18472. The exploit is described as a root remote command execution bug which can be triggered by anyone who knows the IP add...