CVE-2019-16399

Published: 18/09/2019 Updated: 24/08/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows a malicious user to access the /admin/ directory without credentials. An attacker can easily enable SSH from /admin/system_advanced.php?lang=en and log in with the default root password welc0me.

Vulnerable Product

westerndigital wd_my_book_firmware

Exploits

# Exploit Title: Western Digital My Book World II NAS <= 10212 - Broken Authentication to RCE
# Google Dork: intitle:"My Book World Edition - MyBookWorld"
# Date: 19th Sep, 2019
# Exploit Author: Noman Riffat, National Security Services Group (NSSG)
# Vendor Homepage: wdcom/
# Software Link: supportwdccom/downloadsaspx?p=13 ...
Western Digital My Book World II NAS versions 10212 and below have a hard-coded ssh credential that allows for remote command execution ...