漏洞描述
【漏洞对象】Western Digital WD My Book World 【涉及版本】Western Digital WD My Book World II1.02.12及之前版本 【漏洞描述】该设备存在失效身份验证安全漏洞。恶意攻击者无需进行身份验证即可访问/admin/目录,从/admin/system_advanced.php?lang=en中开启SSH,并用默认root密码welc0me登录。
Western Digital WD My Book World 无效身份验证漏洞
PoC代码
暂无相关漏洞推荐
- western-digital-mycloud-multi-uploadify-file-upload: Western Digital MyCloud Multi Uploadify File Upload
- POC CVE-2010-2307: Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM - Directory Traversal
- POC CVE-2016-10108: Western Digital MyCloud NAS - Command Injection
- POC CVE-2018-17153: Western Digital MyCloud NAS - Authentication Bypass
- POC CVE-2021-27748: IBM WebSphere HCL Digital Experience - Server-Side Request Forgery
- POC CVE-2022-34267: RWS WorldServer - Authentication Bypass
- POC CVE-2022-34534: Digital Watchdog DW Spectrum Server 4.2.0.32842 - Information Disclosure
- POC CVE-2023-23489: WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection
- POC dahua-dss-login-action-rce: 大华DSS Digital Surveillance System系统login_login.action存在远程命令执行漏洞
- POC linux-world-writable-file: Linux World-Writable File Permission
- POC qihang-media-disclosure: QiHang Media Web Digital Signage 3.0.9 - Cleartext Credentials Disclosure
- POC qihang-media-lfi: QiHang Media Web (QH.aspx) Digital Signage 3.0.9 - Arbitrary File Disclosure
- POC digitalocean-anchor-csp-bypass: Content-Security-Policy Bypass - DigitalOcean Anchor