9.8
CVE-2019-9951
- EPSS 1.33%
- Published 24.04.2019 18:29:01
- Last modified 21.11.2024 04:52:39
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page web/jquery/uploader/uploadify.php can be accessed without any credentials, and allows uploading arbitrary files to any location on the attached storage.
Data is provided by the National Vulnerability Database (NVD)
Western Digital ≫ My Cloud Mirror Gen 2 Firmware Version < 2.31.174
Western Digital ≫ My Cloud Ex2 Ultra Firmware Version < 2.31.174
Western Digital ≫ My Cloud Ex2100 Firmware Version < 2.31.174
Western Digital ≫ My Cloud Ex4100 Version < 2.31.174
Western Digital ≫ My Cloud Dl2100 Version < 2.31.174
Western Digital ≫ My Cloud Dl4100 Firmware Version < 2.31.174
Western Digital ≫ My Cloud Pr2100 Firmware Version < 2.31.174
Western Digital ≫ My Cloud Pr4100 Version < 2.31.174
Western Digital ≫ My Cloud Firmware Version < 2.31.174
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.33% | 0.781 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.