Skip to content
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
CVE/CVE-2019-18929/
CVE/CVE-2019-18929/

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 

CVE-2019-18929

Information

Target      : WD My Cloud EX2 Ultra
Version     : 2.31.183, 2.31.195

Proof of Concept

gdb-peda$ info registers
r0             0x9      0x9
r1             0x1      0x1
r2             0x1      0x1
r3             0xf64c0a80       0xf64c0a80
r4             0x61616161       0x61616161
r5             0x61616161       0x61616161
r6             0x112c8  0x112c8
r7             0x0      0x0
r8             0x0      0x0
r9             0xf67cc0f4       0xf67cc0f4
r10            0xf67fe000       0xf67fe000
r11            0x0      0x0
r12            0x269c4  0x269c4
sp             0xf6fff2b8       0xf6fff2b8
lr             0x62626262       0x62626262
pc             0x62626262       0x62626262
cpsr           0x20000010       0x20000010

https://youtu.be/D1dXqpQpDu8

Exploit

It is possible to control the PC register and bypass ASLR by doing brute force attack.