-
Notifications
You must be signed in to change notification settings - Fork 1
/
description.txt
81 lines (81 loc) · 1.97 KB
/
description.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
> Western Digital
> My Cloud EX2 Ultra
> 2.31.183
> allows web users (including guest accounts) to
> remotely execute arbitrary code via a
> download_mgr.cgi
> stack-based buffer overflow.
>
> ------------------------------------------
>
> [Additional Information]
> 0x62626262 in ?? ()
> gdb-peda$ info registers
> r0 0x9 0x9
> r1 0x1 0x1
> r2 0x1 0x1
> r3 0xf64c0a80 0xf64c0a80
> r4 0x61616161 0x61616161
> r5 0x61616161 0x61616161
> r6 0x112c8 0x112c8
> r7 0x0 0x0
> r8 0x0 0x0
> r9 0xf67cc0f4 0xf67cc0f4
> r10 0xf67fe000 0xf67fe000
> r11 0x0 0x0
> r12 0x269c4 0x269c4
> sp 0xf6fff2b8 0xf6fff2b8
> lr 0x62626262 0x62626262
> pc 0x62626262 0x62626262
> cpsr 0x20000010 0x20000010
> gdb-peda$
>
> ------------------------------------------
>
> [Vulnerability Type]
> Buffer Overflow
>
> ------------------------------------------
>
> [Vendor of Product]
> Western Digital
>
> ------------------------------------------
>
> [Affected Product Code Base]
> WD My Cloud EX2 Ultra - 2.31.183
>
> ------------------------------------------
>
> [Affected Component]
> download_mgr.cgi
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> To execute arbitrary code, web users access to the vulnerable cgi file with malicious parameters.
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
>
> ------------------------------------------
>
> [Discoverer]
> DelspoN & Jeong Jae Young
>
> ------------------------------------------
>
> [Reference]
> https://support.wdc.com/downloads.aspx?g=907&lang=en