Test ID: 1.3.6.1.4.1.25623.1.0.108926
Category: Web application abuses
Title: Western Digital My Cloud Multiple Products < 2.12.127 / 2.20 - 2.30 < 2.31.149 Multiple Vulnerabilities
Summary: Multiple Western Digital My Cloud products are prone to multiple vulnerabilities.
Description:

Vulnerability Insight:
The following issues have been addressed:

- Resolved multiple command injection vulnerabilities including CVE-2016-10108 and CVE-2016-10107

- Resolved multiple cross site request forgery (CSRF) vulnerabilities

- Resolved a Linux kernel Dirty Cow vulnerability (CVE-2016-5195)

- Resolved multiple denial-of-service vulnerabilities

- Improved security by disabling SSH shadow information

- Resolved a buffer overflow issue that could lead to unauthenticated access

- Resolved a click-jacking vulnerability in the web interface

- Resolved multiple security issues in the Webfile viewer on-device app

- Improved the security of volume mount options

- Resolved multiple security issues in the EULA onboarding flow

- Resolved leakage of debug messages in the web interface

- Improved credential handling for the remote MyCloud-to-MyCloud backup feature

- Improved credential handling for upload-logs-to-support option

Additionally, the following components received an update containing security fixes:

- Apache v2.4.34

- PHP v5.4.45

- OpenSSH v7.5p1

- OpenSSL v1.0.1u

- libupnp v1.6.25 (CVE-2012-5958)

- jQuery v3.3.1 (CVE-2010-5312)

- Rsync v3.0.7

Affected Software/OS:
Western Digital My Cloud with firmware versions prior to 2.12.127
and 2.2 - 2.3 versions prior to 2.31.149.

Solution:
Update to firmware version 2.12.127, 2.31.149 or later.

Note: Some My Cloud products are already end-of-life and don't receive any updates anymore.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2016-5195
BugTraq ID: 93793
http://www.securityfocus.com/bid/93793
CERT/CC vulnerability note: VU#243144
https://www.kb.cert.org/vuls/id/243144
https://www.exploit-db.com/exploits/40611/
https://www.exploit-db.com/exploits/40616/
https://www.exploit-db.com/exploits/40839/
https://www.exploit-db.com/exploits/40847/
https://dirtycow.ninja
https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs
https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails
http://www.openwall.com/lists/oss-security/2016/10/26/7
RedHat Security Advisories: RHSA-2016:2098
http://rhn.redhat.com/errata/RHSA-2016-2098.html
RedHat Security Advisories: RHSA-2016:2105
http://rhn.redhat.com/errata/RHSA-2016-2105.html
RedHat Security Advisories: RHSA-2016:2106
http://rhn.redhat.com/errata/RHSA-2016-2106.html
RedHat Security Advisories: RHSA-2016:2107
http://rhn.redhat.com/errata/RHSA-2016-2107.html
RedHat Security Advisories: RHSA-2016:2110
http://rhn.redhat.com/errata/RHSA-2016-2110.html
RedHat Security Advisories: RHSA-2016:2118
http://rhn.redhat.com/errata/RHSA-2016-2118.html
RedHat Security Advisories: RHSA-2016:2120
http://rhn.redhat.com/errata/RHSA-2016-2120.html
RedHat Security Advisories: RHSA-2016:2124
http://rhn.redhat.com/errata/RHSA-2016-2124.html
RedHat Security Advisories: RHSA-2016:2126
http://rhn.redhat.com/errata/RHSA-2016-2126.html
RedHat Security Advisories: RHSA-2016:2127
http://rhn.redhat.com/errata/RHSA-2016-2127.html
RedHat Security Advisories: RHSA-2016:2128
http://rhn.redhat.com/errata/RHSA-2016-2128.html
RedHat Security Advisories: RHSA-2016:2132
http://rhn.redhat.com/errata/RHSA-2016-2132.html
RedHat Security Advisories: RHSA-2016:2133
http://rhn.redhat.com/errata/RHSA-2016-2133.html
RedHat Security Advisories: RHSA-2017:0372
https://access.redhat.com/errata/RHSA-2017:0372
http://www.securitytracker.com/id/1037078
SuSE Security Announcement: openSUSE-SU-2020:0554
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-5958
BugTraq ID: 57602
http://www.securityfocus.com/bid/57602
CERT/CC vulnerability note: VU#922681
http://www.kb.cert.org/vuls/id/922681
Cisco Security Advisory: 20130129 Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp
Debian Security Information: DSA-2614
http://www.debian.org/security/2013/dsa-2614
Debian Security Information: DSA-2615
http://www.debian.org/security/2013/dsa-2615
http://www.mandriva.com/security/advisories?name=MDVSA-2013:098
https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf
https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb
https://www.tenable.com/security/research/tra-2017-10
SuSE Security Announcement: openSUSE-SU-2013:0255
http://lists.opensuse.org/opensuse-updates/2013-02/msg00013.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-5312
BugTraq ID: 71106
http://www.securityfocus.com/bid/71106
Debian Security Information: DSA-3249
http://www.debian.org/security/2015/dsa-3249
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
http://seclists.org/oss-sec/2014/q4/616
http://seclists.org/oss-sec/2014/q4/613
RedHat Security Advisories: RHSA-2015:0442
http://rhn.redhat.com/errata/RHSA-2015-0442.html
RedHat Security Advisories: RHSA-2015:1462
http://rhn.redhat.com/errata/RHSA-2015-1462.html
http://www.securitytracker.com/id/1037035
XForce ISS Database: jqueryui-cve20105312-xss(98696)
https://exchange.xforce.ibmcloud.com/vulnerabilities/98696
Copyright: Copyright (C) 2020 Greenbone Networks GmbH
© 1998-2020 E-Soft Inc. All rights reserved.