SEC Consult SA-20170307-0 :: Unauthenticated OS command injection & arbitrary file upload in Western Digital WD My Cloud

Posted by SEC Consult Vulnerability Lab on Mar 07

SEC Consult Vulnerability Lab Security Advisory < 20170307-0 >
=======================================================================
title: Unauthenticated OS command injection & arbitrary file upload
product: Western Digital My Cloud
vulnerable version: at least: 2.21.126 (My Cloud), 2.11.157 (My Cloud EX2),
2.21.126 (My Cloud EX2 Ultra), 2.11.157 (My Cloud EX4),…

Western Digital My Cloud vulnerable to Cross-Site Request Forgery vulnerability

Posted by Securify B.V. on Mar 07

————————————————————————
Western Digital My Cloud vulnerable to Cross-Site Request Forgery
vulnerability
————————————————————————
Remco Vermeulen, January 2017

————————————————————————
Abstract
————————————————————————
It was discovered that the Western…

Stack-based buffer overflow in Western Digital My Cloud allows for remote code execution

Posted by Securify B.V. on Mar 07

————————————————————————
Stack-based buffer overflow in Western Digital My Cloud allows for
remote code execution
————————————————————————
Remco Vermeulen, January 2017

————————————————————————
Abstract
————————————————————————
It was discovered that the…

Western Digital My Cloud vulnerable to multiple command injection vulnerabilities

Posted by Securify B.V. on Mar 07

————————————————————————
Western Digital My Cloud vulnerable to multiple command injection
vulnerabilities
————————————————————————
Remco Vermeulen, January 2017

————————————————————————
Abstract
————————————————————————
It was discovered that the Western…