Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to access the /admin/ directory without credentials. An attacker can easily enable SSH from /admin/system_advanced.php?lang=en and login with the default root password welc0me.
References
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 04:30
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/154524/Western-Digital-My-Book-World-II-NAS-1.02.12-Hardcoded-Credential.html - | |
References | () https://gist.github.com/pak0s/22ad6bae26198ebcd137b61adb6fcfe6 - Exploit, Third Party Advisory |
Information
Published : 2019-09-18 14:15
Updated : 2024-11-21 04:30
NVD link : CVE-2019-16399
Mitre link : CVE-2019-16399
CVE.ORG link : CVE-2019-16399
JSON object : View
Products Affected
westerndigital
- wd_my_book_firmware
- wd_my_book
CWE
CWE-798
Use of Hard-coded Credentials