Test ID:	1.3.6.1.4.1.25623.1.0.803731
Category:	Web application abuses
Title:	Western Digital My Net Devices Information Disclosure Vulnerability
Summary:	Western Digital My Net Router is prone to an information disclosure vulnerability.
Description:	Summary: Western Digital My Net Router is prone to an information disclosure vulnerability. Vulnerability Insight: The issue is due to the device storing the admin password in clear text in the main_internet.php source code page as the value for 'var pass'. Vulnerability Impact: Successful exploitation will allow attacker to gain access to credential information. Affected Software/OS: Western Digital My Net N600 1.03, 1.04, Western Digital My Net N750 1.03, 1.04, Western Digital My Net N900 1.05, 1.06 and Western Digital My Net N900C 1.05, 1.06 Solution: Upgrade to version 1.07.16, for the My Net N900 and My Net N900. For My Net N600 and My Net N750 solution is to revert to the earlier firmware of 1.01.04 or 1.01.20, or disable remote administrative access. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-5006 Bugtraq: 20130718 Western Digital My Net N600, N750, N900 and N900C - Plain text disclosure of administrative credentials (Google Search) http://archives.neohapsis.com/archives/bugtraq/2013-07/0133.html Bugtraq: 20130722 Full Disclosure - WD My Net N600, N750, N900, N900C - Plain Text Disclosure of Admin Credentials (Google Search) http://archives.neohapsis.com/archives/bugtraq/2013-07/0146.html http://www.osvdb.org/95519 XForce ISS Database: my-net-info-disc(85903) https://exchange.xforce.ibmcloud.com/vulnerabilities/85903
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.