- Salto de restricciones que permitiría subir ficheros al dispositivo (CVE-2017-17560) :
- Cuenta de administración remota no documentada «mydlinkBRionyg»:
- Otras vulnerabilidades:
Más información:
WDMyCloud Multiple Vulnerabilities
http://gulftech.org/advisories/WDMyCloud%20Multiple%20Vulnerabilities/125
Western Digital My Cloud Update
https://blog.westerndigital.com/western-digital-cloud-update/
Multiple serious vulnerabilitys including Backdoor etc. as disclosed by gulftech.org
https://community.wd.com/t/multiple-serious-vulnerabilitys-including-backdoor-etc-as-disclosed-by-gulftech-org/219436/5
CVE-2017-17560 Detail
https://nvd.nist.gov/vuln/detail/CVE-2017-17560
Western Digital MyCloud – ‘multi_uploadify’ File Upload (Metasploit)
https://www.exploit-db.com/exploits/43356/
Exploiteers DEFCON25 – WD MyCloud
https://www.exploitee.rs/index.php/Western_Digital_MyCloud#.2Fjquery.2Fuploader.2Fmulti_uploadify.php_.28added_08.2F06.2F2017.29
https://download.exploitee.rs/file/generic/Exploiteers-DEFCON25.pdf
Deja una respuesta