漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Device API endpoint missing access controls on Western Digital Mobile and Web Apps
Vulnerability Description
A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a permissive CORS policy and missing authentication requirement for private IPs, a remote attacker on the same network as the device could obtain device information by convincing a victim user to visit an attacker-controlled server and issue a cross-site request. This issue affects My Cloud OS 5 Mobile App: before 4.21.0; My Cloud Home Mobile App: before 4.21.0; ibi Mobile App: before 4.21.0; My Cloud OS 5 Web App: before 4.26.0-6126; My Cloud Home Web App: before 4.26.0-6126; ibi Web App: before 4.26.0-6126.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
Western Digital My Cloud 安全漏洞
Vulnerability Description
Western Digital My Cloud是美国西部数据(Western Digital)公司的一款个人云存储设备。 Western Digital My Cloud存在安全漏洞,该漏洞源于对私有IP缺少身份验证检查。攻击者利用该漏洞可以获取设备信息。以下产品及版本受到影响:My Cloud OS 5 Mobile App 4.21.0版本及之前版本;My Cloud Home Mobile App 4.21.0版本及之前版本;ibi Mobile App 4.21.0版本及之前版本;WD Clou
CVSS Information
N/A
Vulnerability Type
N/A