CVE-2019-16399

Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to access the /admin/ directory without credentials. An attacker can easily enable SSH from /admin/system_advanced.php?lang=en and login with the default root password welc0me.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:westerndigital:wd_my_book_firmware:*:*:world_ii:*:*:*:*:*
cpe:2.3:h:westerndigital:wd_my_book:-:*:world_ii:*:*:*:*:*

History

21 Nov 2024, 04:30

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/154524/Western-Digital-My-Book-World-II-NAS-1.02.12-Hardcoded-Credential.html - () http://packetstormsecurity.com/files/154524/Western-Digital-My-Book-World-II-NAS-1.02.12-Hardcoded-Credential.html -
References () https://gist.github.com/pak0s/22ad6bae26198ebcd137b61adb6fcfe6 - Exploit, Third Party Advisory () https://gist.github.com/pak0s/22ad6bae26198ebcd137b61adb6fcfe6 - Exploit, Third Party Advisory

Information

Published : 2019-09-18 14:15

Updated : 2024-11-21 04:30


NVD link : CVE-2019-16399

Mitre link : CVE-2019-16399

CVE.ORG link : CVE-2019-16399


JSON object : View

Products Affected

westerndigital

  • wd_my_book_firmware
  • wd_my_book
CWE
CWE-798

Use of Hard-coded Credentials