Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2019-9950
HistoryApr 24, 2019 - 5:17 p.m.

CVE-2019-9950

2019-04-2417:17:57
mitre
www.cve.org
1

9.8 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.2%

JSON

Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an authentication bypass vulnerability. The login_mgr.cgi file checks credentials against /etc/shadow. However, the “nobody” account (which can be used to access the control panel API as a low-privilege logged-in user) has a default empty password, allowing an attacker to modify the My Cloud EX2 Ultra web page source code and obtain access to the My Cloud as a non-Admin My Cloud device user.

Related

nvd 1
prion 1
cve 1
openvas 1
nvd
nvd
CVE-2019-9950
2019-04-24 18:29:01
prion
prion
Authentication flaw
2019-04-24 18:29:00
cve
cve
CVE-2019-9950
2019-04-24 18:29:01
openvas
openvas
Western Digital My Cloud Multiple Products < 2.31.174 Multiple Vulnerabilities
2020-09-02 00:00:00

9.8 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.2%

JSON
Related for CVELIST:CVE-2019-9950
nvd1prion1cve1openvas1