Vulnerability Description
Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory restore without authentication, as exploited in the wild in June 2021, a different vulnerability than CVE-2018-18472.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Western Digital | WD My Book Live Firmware | >= 2.0 |
| Western Digital | WD My Book Live | - |
| Western Digital | WD My Book Live Duo Firmware | All versions |
| Western Digital | WD My Book Live Duo | - |
Related Weaknesses (CWE)
References
- https://arstechnica.com/gadgets/2021/06/hackers-exploited-0-day-not-2018-bug-to- (Exploit, Third Party Advisory)
- https://www.westerndigital.com/support/productsecurity/wdc-21008-recommended-sec (Vendor Advisory)
FAQ
What is CVE-2021-35941?
CVE-2021-35941 is a vulnerability with a CVSS score of 7.5 (HIGH). Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory restore without authentication, as exploited in the w...
How severe is CVE-2021-35941?
CVE-2021-35941 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-35941?
Check the references section above for vendor advisories and patch information. Affected products include: Western Digital WD My Book Live Firmware, Western Digital WD My Book Live, Western Digital WD My Book Live Duo Firmware, Western Digital WD My Book Live Duo.