漏洞描述
Western Digital MyCloud是个人云存储设备,将存储设备连接到现有的网络上来提供数据和文件服务。 Western Digital My Cloud的users.php文件cookie信息存在命令注入漏洞,可使攻击者获取设备的管理员权限,攻陷设备。
Western Digital MyCloud /users.php 路径存在远程命令执行
PoC代码
暂无相关漏洞推荐
- POC CVE-2024-5057: WordPress Easy Digital Downloads <= 3.2.12 - SQL Injection
- POC CVE-2023-30869: Easy Digital Downloads - Privilege Escalation
- wordpress /wp-json/wp/v2/users 信息泄露漏洞
- Nacos /nacos/v1/auth/users/login 默认口令漏洞
- western-digital-mycloud-multi-uploadify-file-upload: Western Digital MyCloud Multi Uploadify File Upload
- Nacos /nacos/v1/auth/users 权限绕过漏洞(CVE-2021-43116)
- POC CVE-2010-2307: Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM - Directory Traversal
- POC CVE-2016-10108: Western Digital MyCloud NAS - Command Injection
- POC CVE-2018-17153: Western Digital MyCloud NAS - Authentication Bypass
- POC CVE-2021-27748: IBM WebSphere HCL Digital Experience - Server-Side Request Forgery
- POC CVE-2022-34534: Digital Watchdog DW Spectrum Server 4.2.0.32842 - Information Disclosure
- POC CVE-2023-23489: WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection
- POC dahua-dss-login-action-rce: 大华DSS Digital Surveillance System系统login_login.action存在远程命令执行漏洞