CVE-2019-19029

Current Description

Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via crafted GET/POST parameters.

Basic Data

PublishedNovember 13, 2019
Last ModifiedNovember 15, 2019
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-120
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationSINGLE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score9.0
SeverityHIGH
Exploitability Score8.0
Impact Score10.0
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSWestern DigitalMy Cloud Ex2 Ultra Firmware2.31.195*******
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3HardwareWestern DigitalMy Cloud Ex2 Ultra-*******

Vulnerable Software List

VendorProductVersions
Western Digital My Cloud Ex2 Ultra Firmware 2.31.195

References

NameSourceURLTags
https://github.com/DelspoN/CVE/blob/master/CVE-2019-18931/description.txthttps://github.com/DelspoN/CVE/blob/master/CVE-2019-18931/description.txtMISCThird Party Advisory
https://github.com/DelspoN/CVE/tree/master/CVE-2019-18931https://github.com/DelspoN/CVE/tree/master/CVE-2019-18931MISCExploit Third Party Advisory