all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

ZDI-23-111: (Pwn2Own) Western Digital MyCloud PR4100 DDNS Response Processing Command Injection Remote Code Execution Vulnerability

Add to bookmarks
Feb. 9, 2023, 6 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100. Authentication is not required to exploit this vulnerability.

arbitrary code attackers authentication code code execution command command injection digital exploit injection mycloud network pwn2own remote code remote code execution response vulnerability western western digital zdi

Visit resource

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-454: SolarWinds Access Rights Manager Hard-Coded Credentials Authentication Bypass Vulnerability 2 days, 5 hours ago | www.zerodayinitiative.com
access access rights attackers authentication +18
ZDI-24-456: NI FlexLogger FLXPROJ File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability 2 days, 5 hours ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +15
ZDI-24-455: SolarWinds Access Rights Manager JsonSerializationBinder Deserialization of Untrusted Data Remote Code Execution Vulnerability 2 days, 5 hours ago | www.zerodayinitiative.com
access access rights arbitrary code attackers +20
ZDI-24-450: (0Day) D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability 3 days, 5 hours ago | www.zerodayinitiative.com
0day arbitrary code attackers authentication +14
ZDI-24-449: (0Day) D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability 3 days, 5 hours ago | www.zerodayinitiative.com
0day arbitrary code attackers authentication +14
ZDI-24-448: (0Day) D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability 3 days, 5 hours ago | www.zerodayinitiative.com
0day arbitrary code attackers authentication +16
ZDI-24-447: (0Day) D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability 3 days, 5 hours ago | www.zerodayinitiative.com
0day attackers authentication authentication bypass +12
ZDI-24-446: (0Day) D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability 3 days, 5 hours ago | www.zerodayinitiative.com
0day arbitrary code attackers authentication +17
ZDI-24-445: (0Day) D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Service Vulnerability 3 days, 5 hours ago | www.zerodayinitiative.com
0day attackers authentication cgi +13

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Information System Security Engineer 2

@ Wyetech | Annapolis Junction, Maryland
View on infosec-jobs.com

Staff Vulnerability/Configuration Management Security Engineer

@ ServiceNow | Hyderabad, India
View on infosec-jobs.com

Security Engineer

@ AXS | London, England, UK
View on infosec-jobs.com