Vulnerability Name: CVE-2019-9949 (CCN-161515)
Assigned: 2019-05-21
Published: 2019-05-21
Updated: 2019-05-29
Summary: Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution (as root, starting from a low-privilege user session) vulnerability. The cgi-bin/webfile_mgr.cgi file allows arbitrary file write by abusing symlinks. Specifically, this occurs by uploading a tar archive that contains a symbolic link, then uploading another archive that writes a file to the link using the "cgi_untar" command. Other commands might also be susceptible. Code can be executed because the "name" parameter passed to the cgi_unzip command is not sanitized.

CVSS v3 Severity:
8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): Low
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): High
    Integrity (I): High
    Availability (A): High
8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): Low
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): High
    Integrity (I): High
    Availability (A): High

CVSS v2 Severity:
9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): Single_Instance
  Impact Metrics:
    Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): Single_Instance
  Impact Metrics:
    Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete

Vulnerability Type: CWE-59
Vulnerability Consequences: Gain Access

References:
Source: MITRE
Type: CNA
CVE-2019-9949

Source: MISC
Type: Exploit, Third Party Advisory
https://bnbdr.github.io/posts/wd/

Source: CCN
Type: Western Digital Web site
New Release - My Cloud Firmware Versions 2.31.183

Source: CONFIRM
Type: Vendor Advisory
https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-183-05-20-2019/237717

Source: XF
Type: UNKNOWN
wd-cve20199949-code-exec(161515)

Source: MISC
Type: Exploit, Third Party Advisory
https://github.com/bnbdr/wd-rce/

Vulnerable Configuration:
Configuration 1:
  cpe:/o:westerndigital:my_cloud_firmware:*:*:*:*:*:*:*:* (Version < 2.31.183)
  AND cpe:/h:westerndigital:my_cloud:-:*:*:*:*:*:*:*
Configuration 2:
  cpe:/o:westerndigital:my_cloud_mirror_gen2_firmware:*:*:*:*:*:*:*:* (Version < 2.31.183)
  AND cpe:/h:westerndigital:my_cloud_mirror_gen2:-:*:*:*:*:*:*:*
Configuration 3:
  cpe:/o:westerndigital:my_cloud_ex2_ultra_firmware:*:*:*:*:*:*:*:* (Version < 2.31.183)
  AND cpe:/h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*
Configuration 4:
  cpe:/o:westerndigital:my_cloud_ex2100_firmware:*:*:*:*:*:*:*:* (Version < 2.31.183)
  AND cpe:/h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:*
Configuration 5:
  cpe:/o:westerndigital:my_cloud_ex4100_firmware:*:*:*:*:*:*:*:* (Version < 2.31.183)
  AND cpe:/h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:*
Configuration 6:
  cpe:/o:westerndigital:my_cloud_dl2100_firmware:*:*:*:*:*:*:*:* (Version < 2.31.183)
  AND cpe:/h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:*
Configuration 7:
  cpe:/o:westerndigital:my_cloud_dl4100_firmware:*:*:*:*:*:*:*:* (Version < 2.31.183)
  AND cpe:/h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:*
Configuration 8:
  cpe:/o:westerndigital:my_cloud_pr2100_firmware:*:*:*:*:*:*:*:* (Version < 2.31.183)
  AND cpe:/h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:*
Configuration 9:
  cpe:/o:westerndigital:my_cloud_pr4100_firmware:*:*:*:*:*:*:*:* (Version < 2.31.183)
  AND cpe:/h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:*
Configuration CCN 1:
  cpe:/h:western_digital:my_cloud:-:*:*:*:*:*:*:*
  OR cpe:/h:western_digital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*
  OR cpe:/h:western_digital:my_cloud_ex2100:-:*:*:*:*:*:*:*
  OR cpe:/h:western_digital:my_cloud_dl2100:-:*:*:*:*:*:*:*
  OR cpe:/h:western_digital:my_cloud_dl4100:-:*:*:*:*:*:*:*
  OR cpe:/h:western_digital:my_cloud_pr2100:-:*:*:*:*:*:*:*
  OR cpe:/h:western_digital:my_cloud_pr4100:-:*:*:*:*:*:*:*
  OR cpe:/h:western_digital:my_cloud_ex4100:-:*:*:*:*:*:*:*

westerndigital my cloud firmware *
westerndigital my cloud -
westerndigital my cloud mirror gen2 firmware *
westerndigital my cloud mirror gen2 -
westerndigital my cloud ex2 ultra firmware *
westerndigital my cloud ex2 ultra -
westerndigital my cloud ex2100 firmware *
westerndigital my cloud ex2100 -
westerndigital my cloud ex4100 firmware *
westerndigital my cloud ex4100 -
westerndigital my cloud dl2100 firmware *
westerndigital my cloud dl2100 -
westerndigital my cloud dl4100 firmware *
westerndigital my cloud dl4100 -
westerndigital my cloud pr2100 firmware *
westerndigital my cloud pr2100 -
westerndigital my cloud pr4100 firmware *
westerndigital my cloud pr4100 -
western_digital my cloud -
western_digital my cloud ex2 ultra -
western_digital my cloud ex2100 -
western_digital my cloud dl2100 -
western_digital my cloud dl4100 -
western_digital my cloud pr2100 -
western_digital my cloud pr4100 -
western_digital my cloud ex4100 -