Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for my_cloud_firmware by western_digital

    CVE-2019-9951 (GCVE-0-2019-9951)

    Vulnerability from nvd – Published: 2019-04-24 17:26 – Updated: 2024-08-04 22:10
    VLAI
    Summary
    Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page web/jquery/uploader/uploadify.php can be accessed without any credentials, and allows uploading arbitrary files to any location on the attached storage.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2019-03-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:10:08.509Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-174-3-26-19/235932"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.wdc.com/downloads.aspx?g=2702\u0026lang=en"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bnbdr.github.io/posts/wd/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/bnbdr/wd-rce/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2019-03-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page web/jquery/uploader/uploadify.php can be accessed without any credentials, and allows uploading arbitrary files to any location on the attached storage."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-28T17:40:30.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-174-3-26-19/235932"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.wdc.com/downloads.aspx?g=2702\u0026lang=en"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bnbdr.github.io/posts/wd/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/bnbdr/wd-rce/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-9951",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page web/jquery/uploader/uploadify.php can be accessed without any credentials, and allows uploading arbitrary files to any location on the attached storage."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-174-3-26-19/235932",
                  "refsource": "CONFIRM",
                  "url": "https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-174-3-26-19/235932"
                },
                {
                  "name": "https://support.wdc.com/downloads.aspx?g=2702\u0026lang=en",
                  "refsource": "CONFIRM",
                  "url": "https://support.wdc.com/downloads.aspx?g=2702\u0026lang=en"
                },
                {
                  "name": "https://bnbdr.github.io/posts/wd/",
                  "refsource": "MISC",
                  "url": "https://bnbdr.github.io/posts/wd/"
                },
                {
                  "name": "https://github.com/bnbdr/wd-rce/",
                  "refsource": "MISC",
                  "url": "https://github.com/bnbdr/wd-rce/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-9951",
        "datePublished": "2019-04-24T17:26:16.000Z",
        "dateReserved": "2019-03-23T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:10:08.509Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-9951 (GCVE-0-2019-9951)

    Vulnerability from cvelistv5 – Published: 2019-04-24 17:26 – Updated: 2024-08-04 22:10
    VLAI
    Summary
    Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page web/jquery/uploader/uploadify.php can be accessed without any credentials, and allows uploading arbitrary files to any location on the attached storage.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2019-03-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:10:08.509Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-174-3-26-19/235932"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.wdc.com/downloads.aspx?g=2702\u0026lang=en"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bnbdr.github.io/posts/wd/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/bnbdr/wd-rce/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2019-03-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page web/jquery/uploader/uploadify.php can be accessed without any credentials, and allows uploading arbitrary files to any location on the attached storage."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-28T17:40:30.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-174-3-26-19/235932"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.wdc.com/downloads.aspx?g=2702\u0026lang=en"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bnbdr.github.io/posts/wd/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/bnbdr/wd-rce/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-9951",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page web/jquery/uploader/uploadify.php can be accessed without any credentials, and allows uploading arbitrary files to any location on the attached storage."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-174-3-26-19/235932",
                  "refsource": "CONFIRM",
                  "url": "https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-174-3-26-19/235932"
                },
                {
                  "name": "https://support.wdc.com/downloads.aspx?g=2702\u0026lang=en",
                  "refsource": "CONFIRM",
                  "url": "https://support.wdc.com/downloads.aspx?g=2702\u0026lang=en"
                },
                {
                  "name": "https://bnbdr.github.io/posts/wd/",
                  "refsource": "MISC",
                  "url": "https://bnbdr.github.io/posts/wd/"
                },
                {
                  "name": "https://github.com/bnbdr/wd-rce/",
                  "refsource": "MISC",
                  "url": "https://github.com/bnbdr/wd-rce/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-9951",
        "datePublished": "2019-04-24T17:26:16.000Z",
        "dateReserved": "2019-03-23T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:10:08.509Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }