CVE-2019-18930 - OpenCVE

Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest account) to remotely execute arbitrary code via a stack-based buffer overflow. There is no size verification logic in one of functions in libscheddl.so, and download_mgr.cgi makes it possible to enter large-sized f_idx inputs.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Western Digital	My Cloud Ex2 Ultra My Cloud Ex2 Ultra Firmware

Configuration 1 [-]

AND

cpe:2.3:o:western_digital:my_cloud_ex2_ultra_firmware:2.31.183:*:*:*:*:*:*:*

cpe:2.3:h:western_digital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/DelspoN/CVE/blob/master/CVE-2019-18930/description.txt
https://github.com/DelspoN/CVE/tree/master/CVE-2019-18930

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-11-13T15:47:08

Updated: 2024-08-05T02:02:39.856Z

Reserved: 2019-11-12T00:00:00

Link: CVE-2019-18930

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-11-13T16:15:11.207

Modified: 2019-11-15T20:08:32.157

Link: CVE-2019-18930

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest account) to remotely execute arbitrary code via a stack-based buffer overflow. There is no size verification logic in one of functions in libscheddl.so, and download_mgr.cgi makes it possible to enter large-sized f_idx inputs."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-13T15:47:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/DelspoN/CVE/blob/master/CVE-2019-18930/description.txt"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/DelspoN/CVE/tree/master/CVE-2019-18930"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-18930", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest account) to remotely execute arbitrary code via a stack-based buffer overflow. There is no size verification logic in one of functions in libscheddl.so, and download_mgr.cgi makes it possible to enter large-sized f_idx inputs."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/DelspoN/CVE/blob/master/CVE-2019-18930/description.txt", "refsource": "MISC", "url": "https://github.com/DelspoN/CVE/blob/master/CVE-2019-18930/description.txt"}, {"name": "https://github.com/DelspoN/CVE/tree/master/CVE-2019-18930", "refsource": "MISC", "url": "https://github.com/DelspoN/CVE/tree/master/CVE-2019-18930"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T02:02:39.856Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/DelspoN/CVE/blob/master/CVE-2019-18930/description.txt"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/DelspoN/CVE/tree/master/CVE-2019-18930"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-18930", "datePublished": "2019-11-13T15:47:08", "dateReserved": "2019-11-12T00:00:00", "dateUpdated": "2024-08-05T02:02:39.856Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:western_digital:my_cloud_ex2_ultra_firmware:2.31.183:*:*:*:*:*:*:*", "matchCriteriaId": "0A2F5116-0257-4C89-964F-2B3A32FCC9C3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:western_digital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7BD0108-A509-4F54-86D5-5471D079D280", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest account) to remotely execute arbitrary code via a stack-based buffer overflow. There is no size verification logic in one of functions in libscheddl.so, and download_mgr.cgi makes it possible to enter large-sized f_idx inputs."}, {"lang": "es", "value": "El firmware Western Digital My Cloud EX2 Ultra versi\u00f3n 2.31.183, permite a usuarios web (incluida la cuenta de invitado) ejecutar remotamente c\u00f3digo arbitrario por medio de un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria. No existe una l\u00f3gica de comprobaci\u00f3n de tama\u00f1o en una de las funciones en el archivo libscheddl.so, y download_mgr.cgi hace posible ingresar entradas f_idx de gran tama\u00f1o."}], "id": "CVE-2019-18930", "lastModified": "2019-11-15T20:08:32.157", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-13T16:15:11.207", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/DelspoN/CVE/blob/master/CVE-2019-18930/description.txt"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/DelspoN/CVE/tree/master/CVE-2019-18930"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}