CVE-2019-19026

Current Description

Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest account) to remotely execute arbitrary code via a stack-based buffer overflow. There is no size verification logic in one of functions in libscheddl.so, and download_mgr.cgi makes it possible to enter large-sized f_idx inputs.

Basic Data

PublishedNovember 13, 2019
Last ModifiedNovember 15, 2019
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-787
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationSINGLE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score9.0
SeverityHIGH
Exploitability Score8.0
Impact Score10.0
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSWestern DigitalMy Cloud Ex2 Ultra Firmware2.31.183*******
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3HardwareWestern DigitalMy Cloud Ex2 Ultra-*******

Vulnerable Software List

VendorProductVersions
Western Digital My Cloud Ex2 Ultra Firmware 2.31.183

References

NameSourceURLTags
https://github.com/DelspoN/CVE/blob/master/CVE-2019-18930/description.txthttps://github.com/DelspoN/CVE/blob/master/CVE-2019-18930/description.txtMISCThird Party Advisory
https://github.com/DelspoN/CVE/tree/master/CVE-2019-18930https://github.com/DelspoN/CVE/tree/master/CVE-2019-18930MISCExploit Third Party Advisory