Vulnerability Details CVE-2019-18930
Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including the guest account) to remotely execute arbitrary code via a stack-based buffer overflow. One of the functions in libscheddl.so has no size verification logic, and download_mgr.cgi makes it possible to enter large-sized f_idx inputs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.0%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
Products affected by CVE-2019-18930
- cpe:2.3:h:western_digital:my_cloud_ex2_ultra:-
- cpe:2.3:o:western_digital:my_cloud_ex2_ultra_firmware:2.31.183