Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2019-9951
HistoryApr 24, 2019 - 6:29 p.m.

CVE-2019-9951

2019-04-2418:29:01
CWE-434
[email protected]
web.nvd.nist.gov
30
western digital
my cloud
firmware
vulnerability
unauthenticated
file upload
nvd
cve-2019-9951

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.9%

JSON

Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page web/jquery/uploader/uploadify.php can be accessed without any credentials, and allows uploading arbitrary files to any location on the attached storage.

Affected configurations

NVD
Node
western_digitalmy_cloud_mirror_gen_2_firmwareRange<2.31.174
AND
western_digitalmy_cloud_mirror_gen_2Match-
Node
western_digitalmy_cloud_ex2_ultra_firmwareRange<2.31.174
AND
western_digitalmy_cloud_ex2_ultraMatch-
Node
western_digitalmy_cloud_ex2100_firmwareRange<2.31.174
AND
western_digitalmy_cloud_ex2100Match-
Node
western_digitalmy_cloud_ex4100Range<2.31.174
AND
western_digitalmy_cloud_ex4100Match-
Node
western_digitalmy_cloud_dl2100Range<2.31.174
AND
western_digitalmy_cloud_dl2100Match-
Node
western_digitalmy_cloud_dl4100_firmwareRange<2.31.174
AND
western_digitalmy_cloud_dl4100Match-
Node
western_digitalmy_cloud_pr2100_firmwareRange<2.31.174
AND
western_digitalmy_cloud_pr2100Match-
Node
western_digitalmy_cloud_pr4100Range<2.31.174
AND
western_digitalmy_cloud_pr4100Match-
Node
western_digitalmy_cloud_firmwareRange<2.31.174
AND
western_digitalmy_cloudMatch-

Related

openvas 2
cvelist 1
prion 1
nvd 1
openvas
openvas
Western Digital My Cloud Unauthenticated File Upload Vulnerability (Active Check)
2020-10-21 00:00:00
Western Digital My Cloud Multiple Products < 2.31.174 Multiple Vulnerabilities
2020-09-02 00:00:00
cvelist
cvelist
CVE-2019-9951
2019-04-24 17:26:16
prion
prion
Unrestricted file upload
2019-04-24 18:29:00
nvd
nvd
CVE-2019-9951
2019-04-24 18:29:01

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.9%

JSON
Related for CVE-2019-9951
openvas2cvelist1prion1nvd1