|Category:||Web application abuses|
|Title:||WD My Book Live / MyCloud NAS RCE Vulnerability|
|Summary:||WD MyBook Live and some models of WD MyCloud NAS contain a remotely;exploitable vulnerability that lets anyone run commands on the device as root. The vulnerability exists in the;language change and modify functionality in the REST API|
WD MyBook Live and some models of WD MyCloud NAS contain a remotely
exploitable vulnerability that lets anyone run commands on the device as root. The vulnerability exists in the
language change and modify functionality in the REST API
No known solution was made available for at least one year since the disclosure
of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer
release, disable respective features, remove the product or replace the product by another one.
Note: My Book Live devices originally introduced to the market between 2010 and 2012. These products have been
discontinued since 2014 and are no longer covered under the vendors device software support lifecycle. Therefore
no fix will be provided.
Common Vulnerability Exposure (CVE) ID: CVE-2018-18472|
|Copyright||This script is Copyright (C) 2018 Greenbone Networks GmbH|
|This is only one of 72306 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.