Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OS Command Injection vulnerability in Western Digital My Cloud devices
Vulnerability Description
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that was caused by a command that read files from a privileged location and created a system command without sanitizing the read data. This command could be triggered by an attacker remotely to cause code execution and gain a reverse shell in Western Digital My Cloud OS 5 devices.This issue affects My Cloud OS 5: before 5.26.119.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Western Digital My Cloud 操作系统命令注入漏洞
Vulnerability Description
Western Digital My Cloud是美国西部数据(Western Digital)公司的一款个人云存储设备。 Western Digital My Cloud OS 5 5.26.119之前版本存在安全漏洞,该漏洞源于存在操作系统命令注入漏洞,攻击者利用该漏洞可以远程执行代码并在获得反向shell。
CVSS Information
N/A
Vulnerability Type
N/A