Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Western Digital EdgeRover before 0.25 has an escalation of privileges vulnerability where a low privileged user could load malicious content into directories with higher privileges, because of how Node.js is used. An attacker can gain admin privileges and carry out malicious activities such as creating a fake library and stealing user credentials.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Western Digital EdgeRover 安全漏洞
Vulnerability Description
Western Digital EdgeRover是美国西部数据(Western Digital)公司的一款个人内容应用程序。 Western Digital EdgeRover 0.25版本之前存在安全漏洞,该漏洞源于Node.js的使用方式,低特权用户可能会将恶意内容加载到具有更高特权的目录中。攻击者可利用该漏洞获得管理员特权,并执行恶意活动,如创建假库和窃取用户凭证。
CVSS Information
N/A
Vulnerability Type
N/A