Vulnerability CVE-2018-1151


Published: 2018-06-12

Description:
The web server on Western Digital TV Media Player 1.03.07 and TV Live Hub 3.12.13 allow unauthenticated remote attackers to execute arbitrary code or cause denial of service via crafted HTTP requests to toServerValue.cgi.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: WDC
Product: Tv live hub firmware 
Version: 3.12.13;
Product: Tv media player firmware 
Version: 1.03.07;
Vendor: Westerndigital
Product: Tv live hub firmware 
Version: 3.12.13;
Product: Tv media player firmware 
Version: 1.03.07;

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
https://www.tenable.com/security/research/tra-2018-14

Related CVE
CVE-2019-16399
Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to access the /admin/ directory without credentials. An attacker can easily enable SSH from /admin/system_advanced.php?lang=en and login ...
CVE-2018-18472
Western Digital WD My Book Live (all versions) has a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected dev...
CVE-2018-9148
Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for attackers to bypass authentication by listing a directory. NOTE: this can be exploited in conjunction with CVE-2018-7171...
CVE-2017-17560
An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used ...

Copyright 2019, cxsecurity.com

 

Back to Top