Vulnerability Details CVE-2019-16399
Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to access the /admin/ directory without credentials. An attacker can easily enable SSH from /admin/system_advanced.php?lang=en and login with the default root password welc0me.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.109
EPSS Ranking 93.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://packetstormsecurity.com/files/154524/Western-Digital-My-Book-World-II-NAS-1.02.12-Hardcoded-Credential.html
- https://gist.github.com/pak0s/22ad6bae26198ebcd137b61adb6fcfe6
- http://packetstormsecurity.com/files/154524/Western-Digital-My-Book-World-II-NAS-1.02.12-Hardcoded-Credential.html
- https://gist.github.com/pak0s/22ad6bae26198ebcd137b61adb6fcfe6
Products affected by CVE-2019-16399
-
cpe:2.3:h:westerndigital:wd_my_book:-
-
cpe:2.3:o:westerndigital:wd_my_book_firmware:-
-
cpe:2.3:o:westerndigital:wd_my_book_firmware:1.00.16
-
cpe:2.3:o:westerndigital:wd_my_book_firmware:1.00.28
-
cpe:2.3:o:westerndigital:wd_my_book_firmware:1.01.14
-
cpe:2.3:o:westerndigital:wd_my_book_firmware:1.01.16
-
cpe:2.3:o:westerndigital:wd_my_book_firmware:1.02.06
-
cpe:2.3:o:westerndigital:wd_my_book_firmware:1.02.12