CVE-2019-9949 — HIGH (8.8) — White Hats Nepal

Q: How severe is CVE-2019-9949?

CVE-2019-9949 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-9949?

Check the references section above for vendor advisories and patch information. Affected products include: Westerndigital My Cloud Firmware, Westerndigital My Cloud, Westerndigital My Cloud Mirror Gen2 Firmware, Westerndigital My Cloud Mirror Gen2, Westerndigital My Cloud Ex2 Ultra Firmware.

Vulnerability Description

Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution (as root, starting from a low-privilege user session) vulnerability. The cgi-bin/webfile_mgr.cgi file allows arbitrary file write by abusing symlinks. Specifically, this occurs by uploading a tar archive that contains a symbolic link, then uploading another archive that writes a file to the link using the "cgi_untar" command. Other commands might also be susceptible. Code can be executed because the "name" parameter passed to the cgi_unzip command is not sanitized.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Westerndigital	My Cloud Firmware	< 2.31.183
Westerndigital	My Cloud	-
Westerndigital	My Cloud Mirror Gen2 Firmware	< 2.31.183
Westerndigital	My Cloud Mirror Gen2	-
Westerndigital	My Cloud Ex2 Ultra Firmware	< 2.31.183
Westerndigital	My Cloud Ex2 Ultra	-
Westerndigital	My Cloud Ex2100 Firmware	< 2.31.183
Westerndigital	My Cloud Ex2100	-
Westerndigital	My Cloud Ex4100 Firmware	< 2.31.183
Westerndigital	My Cloud Ex4100	-
Westerndigital	My Cloud Dl2100 Firmware	< 2.31.183
Westerndigital	My Cloud Dl2100	-
Westerndigital	My Cloud Dl4100 Firmware	< 2.31.183
Westerndigital	My Cloud Dl4100	-
Westerndigital	My Cloud Pr2100 Firmware	< 2.31.183
Westerndigital	My Cloud Pr2100	-
Westerndigital	My Cloud Pr4100 Firmware	< 2.31.183
Westerndigital	My Cloud Pr4100	-

Related Weaknesses (CWE)

CWE-59

References

https://bnbdr.github.io/posts/wd/ExploitThird Party Advisory
https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-183-05-20Vendor Advisory
https://github.com/bnbdr/wd-rce/ExploitThird Party Advisory
https://bnbdr.github.io/posts/wd/ExploitThird Party Advisory
https://community.wd.com/t/new-release-my-cloud-firmware-versions-2-31-183-05-20Vendor Advisory
https://github.com/bnbdr/wd-rce/ExploitThird Party Advisory

FAQ

What is CVE-2019-9949?

CVE-2019-9949 is a vulnerability with a CVSS score of 8.8 (HIGH). Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution (as root, starting from a low-privil...

How severe is CVE-2019-9949?

CVE-2019-9949 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-9949?

Check the references section above for vendor advisories and patch information. Affected products include: Westerndigital My Cloud Firmware, Westerndigital My Cloud, Westerndigital My Cloud Mirror Gen2 Firmware, Westerndigital My Cloud Mirror Gen2, Westerndigital My Cloud Ex2 Ultra Firmware.