Vulnerability Description
Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to access the /admin/ directory without credentials. An attacker can easily enable SSH from /admin/system_advanced.php?lang=en and log in with the default root password welc0me.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Westerndigital | Wd My Book Firmware | <= 1.02.12 |
| Westerndigital | Wd My Book | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/154524/Western-Digital-My-Book-World-II-NAS
- https://gist.github.com/pak0s/22ad6bae26198ebcd137b61adb6fcfe6 (Exploit, Third Party Advisory)
FAQ
What is CVE-2019-16399?
CVE-2019-16399 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to access the /admin/ directory without credentials. An attacker can easily enable SSH ...
How severe is CVE-2019-16399?
CVE-2019-16399 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-16399?
Check the references section above for vendor advisories and patch information. Affected products include: Westerndigital Wd My Book Firmware, Westerndigital Wd My Book.