WD My Cloud PoC exploit
WD My Cloud RCE PoC Exploit Tested on WD My Cloud EX2 Ultra versions 231149 and 231163 Should work on other MyCloud models for the write-up go here Authentication bypass to acquire user-session (CVE-2019-9950) login_mgrcgi matches credentials against /etc/shadow, therefore the "nobody" account can be used to gain a low-privilege user session by providing &qu