Vulnerability title
N/A
Vulnerability description
The Western Digital My Cloud device before firmware 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit it to authenticate as the admin user without providing a password and thereby take full control of the device. (Whenever an admin logs into My Cloud, the server creates a session that is bound to the user's IP address. Once the session exists, authenticated CGI modules can be invoked by sending the cookie username=admin in the HTTP request; the invoked CGI only checks that a valid session exists and is bound to the requesting IP address.) It was found that an unauthenticated attacker can create such a valid session without logging in. The network_mgr.cgi CGI module contains a command named "cgi_get_ipv6" which, when called with the additional parameter "flag" set to "1", starts an admin session tied to the IP address of the requester. Subsequent invocations of commands that would normally require admin privileges then succeed as long as the attacker sets the username=admin cookie.
CVSS information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability category
N/A
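The session logic the description above lays out, modelled as an added example (this is not Western Digital firmware code): a vulnerable dispatcher in which cgi_get_ipv6 with flag=1 creates an IP-bound session and privileged commands only check "session for this IP + username=admin cookie", next to a hardened dispatcher in which sessions are created only by a real login and identified by a random token. The query key `cmd`, the cookie name `session`, the command `cgi_set_config`, the IP addresses and the password are all assumptions made for the model; only `network_mgr.cgi`, `cgi_get_ipv6`, `flag=1` and `username=admin` come from the advisory.

```python
"""Model of the My Cloud session logic described in the advisory (added
example, not Western Digital firmware code). Names marked 'assumed' do not
come from the advisory."""
import hashlib
import secrets
from dataclasses import dataclass, field

# Constructed admin credential for the model; the real device stores its own.
ADMIN_PASSWORD_HASH = hashlib.sha256(b"correct horse battery staple").hexdigest()


@dataclass
class Request:
    client_ip: str                 # source IP the device binds a session to
    cmd: str                       # command name; the query key 'cmd' is assumed
    params: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)


class VulnerableNetworkMgr:
    """network_mgr.cgi as the advisory describes it before 2.30.196:
    sessions are keyed only by client IP, and cgi_get_ipv6 with flag=1
    creates one without any login."""

    def __init__(self):
        self.sessions = set()      # IPs that currently hold an admin session

    def login(self, req, password):
        if hashlib.sha256(password.encode()).hexdigest() == ADMIN_PASSWORD_HASH:
            self.sessions.add(req.client_ip)
            return True
        return False

    def _is_admin(self, req):
        # The check the advisory describes: session bound to this IP + username=admin cookie.
        return req.client_ip in self.sessions and req.cookies.get("username") == "admin"

    def handle(self, req):
        if req.cmd == "cgi_get_ipv6":
            if req.params.get("flag") == "1":
                self.sessions.add(req.client_ip)   # the bug: unauthenticated session creation
            return "ok: ipv6 settings"
        if not self._is_admin(req):
            return "denied"
        return f"ok: {req.cmd} executed as admin"


class FixedNetworkMgr:
    """Hardened model: a session is created only by a successful login, is
    identified by a random token sent back in a cookie (not by IP alone),
    and cgi_get_ipv6 never touches session state regardless of 'flag'."""

    def __init__(self):
        self.sessions = {}         # token -> {"user": ..., "ip": ...}

    def login(self, req, password):
        if hashlib.sha256(password.encode()).hexdigest() != ADMIN_PASSWORD_HASH:
            return None
        token = secrets.token_hex(16)
        self.sessions[token] = {"user": "admin", "ip": req.client_ip}
        return token               # client returns it as cookie 'session' (assumed name)

    def _is_admin(self, req):
        sess = self.sessions.get(req.cookies.get("session", ""))
        return sess is not None and sess["user"] == "admin" and sess["ip"] == req.client_ip

    def handle(self, req):
        if not self._is_admin(req):
            return "denied"        # every command, cgi_get_ipv6 included, needs a real session
        return f"ok: {req.cmd} executed as admin"


def bypass_attempt(server):
    """The unauthenticated sequence from the advisory: cgi_get_ipv6 with
    flag=1, then a privileged command with the username=admin cookie."""
    ip = "203.0.113.7"                               # constructed attacker address
    server.handle(Request(ip, "cgi_get_ipv6", {"flag": "1"}))
    # 'cgi_set_config' is an assumed name for some admin-only command.
    return server.handle(Request(ip, "cgi_set_config", cookies={"username": "admin"}))


def legitimate_login(server):
    """Real admin login against the hardened model, to show it still works."""
    ip = "192.0.2.10"                                # constructed admin address
    token = server.login(Request(ip, "login"), "correct horse battery staple")
    return server.handle(Request(ip, "cgi_set_config", cookies={"session": token}))


if __name__ == "__main__":
    print("vulnerable:", bypass_attempt(VulnerableNetworkMgr()))
    print("fixed:", bypass_attempt(FixedNetworkMgr()))
    print("fixed, real login:", legitimate_login(FixedNetworkMgr()))
```

Two things the model makes visible that the prose only implies: the `username=admin` cookie carries no secret, so the whole authentication decision rests on the IP-keyed session table, and any code path that writes to that table without a credential check is an authentication bypass. The hardened variant moves identity into an unguessable token and keeps the IP only as a secondary binding; an IP-only session would otherwise also be shared by every client behind the same NAT address as a logged-in admin.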
Vulnerability title
Western Digital My Cloud security vulnerability
Vulnerability description
Western Digital My Cloud is a personal network cloud storage device from Western Digital (USA). Western Digital My Cloud 2.30.x and earlier versions (fixed in 2.30.196) contain an authentication bypass vulnerability. An attacker can exploit it to authenticate as the admin user without a password, or to create a valid session without logging in.
CVSS information
N/A
Vulnerability category
Authorization issue