漏洞描述
Western Digital MyCloud NAS是一款网络附加存储设备,旨在提供集中存储和共享解决方案。它允许用户在家中或办公室通过网络访问文件,支持多种设备的备份和共享。Western Digital MyCloud NAS 中Cookie存在命令执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。
Western Digital MyCloud NAS Cookie 命令注入漏洞(CVE-2016-10108)
PoC代码
暂无相关漏洞推荐
- POC CVE-2024-5057: WordPress Easy Digital Downloads <= 3.2.12 - SQL Injection
- POC CVE-2023-3388: Beautiful Cookie Consent Banner < 2.10.2 - Cross-Site Scripting
- POC CVE-2023-30869: Easy Digital Downloads - Privilege Escalation
- western-digital-mycloud-multi-uploadify-file-upload: Western Digital MyCloud Multi Uploadify File Upload
- POC CVE-2010-2307: Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM - Directory Traversal
- POC CVE-2016-10108: Western Digital MyCloud NAS - Command Injection
- POC CVE-2016-4437: Apache Shiro 1.2.4 Cookie RememberME - Deserial Remote Code Execution Vulnerability
- POC CVE-2017-9822: DotNetNuke 5.0.0 - 9.3.0 - Cookie Deserialization Remote Code Execution
- POC CVE-2018-17153: Western Digital MyCloud NAS - Authentication Bypass
- POC CVE-2019-10405: Jenkins <=2.196 - Cookie Exposure
- POC CVE-2021-27748: IBM WebSphere HCL Digital Experience - Server-Side Request Forgery
- POC CVE-2022-0147: WordPress Cookie Information/Free GDPR Consent Solution <2.0.8 - Cross-Site Scripting
- POC CVE-2022-34534: Digital Watchdog DW Spectrum Server 4.2.0.32842 - Information Disclosure