CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-10108

Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.912

EPSS Ranking 99.6%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

http://packetstormsecurity.com/files/173802/Western-Digital-MyCloud-Unauthenticated-Command-Injection.html
http://www.securityfocus.com/bid/95200
https://www.stevencampbell.info/2016/12/command-injection-in-western-digital-mycloud-nas/
http://packetstormsecurity.com/files/173802/Western-Digital-MyCloud-Unauthenticated-Command-Injection.html
http://www.securityfocus.com/bid/95200
https://www.stevencampbell.info/2016/12/command-injection-in-western-digital-mycloud-nas/

Products affected by CVE-2016-10108

Western Digital » Mycloud Nas » Version: 2.11.142

cpe:2.3:a:western_digital:mycloud_nas:2.11.142

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-10108

Products

Pricing

Contact Us