QwikSec

Security Database

CVE

CWE

Training

CVE-2018-18472

Published: Jun 19, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device, as exploited in the wild in June 2021 for factory reset commands,

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.wizcase.com/blog/hack-2018/

x_refsource_MISC

https://www.westerndigital.com/support/productsecurity/wdc-21008-recommended-security-measures-wd-mybooklive-wd-mybookliveduo

x_refsource_CONFIRM

https://community.wd.com/t/action-required-on-my-book-live-and-my-book-live-duo/268147

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.