CVE-2019-9950 Information

Description

Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an authentication bypass vulnerability. The login_mgr.cgi file checks credentials against /etc/shadow. However, the "nobody" account (which can be used to access the control panel API as a low-privilege logged-in user) has a default empty password, allowing an attacker to modify the My Cloud EX2 Ultra web page source code and obtain access to the My Cloud as a non-Admin My Cloud device user.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://bnbdr.github.io/posts/wd/
https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-174-3-26-19/235932
https://github.com/bnbdr/wd-rce/
https://support.wdc.com/downloads.aspx?g=2702&lang=en

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

9.8

Base Severity

CRITICAL
