Details of VAR-201702-1100

ID

VAR-201702-1100

TITLE

Multiple vulnerabilities in WD My Cloud Mirror

Trust: 0.6

sources: CNVD: CNVD-2017-01063

DESCRIPTION

MyCloudMirror is the MyCloud personal cloud storage device from Western Digital. WDMyCloudMirror has authentication bypass and remote code execution vulnerabilities that allow an attacker to exploit a vulnerability to bypass an restriction, perform an unauthorized operation, or execute arbitrary code.

Trust: 0.6

sources: CNVD: CNVD-2017-01063

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-01063

AFFECTED PRODUCTS

vendor:

western

model:

digital my cloud mirror

scope:

version:

2.11.153

Trust: 0.6

sources: CNVD: CNVD-2017-01063

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2017-01063
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2017-01063
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2017-01063

EXTERNAL IDS

db:	EXPLOITDB	id:	41147	Trust: 0.6
db:	EXPLOIT-DB	id:	41147	Trust: 0.6
db:	CNVD	id:	CNVD-2017-01063	Trust: 0.6

sources: CNVD: CNVD-2017-01063

REFERENCES

url:

https://www.exploit-db.com/exploits/41147/

Trust: 0.6

sources: CNVD: CNVD-2017-01063

SOURCES

db:

CNVD

id:

CNVD-2017-01063

LAST UPDATE DATE

2022-05-17T02:03:17.823000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2017-01063

date:

2017-02-08T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2017-01063

date:

2017-02-07T00:00:00