Summary
This host is running a Western Digital My Net router and is prone to an information disclosure vulnerability.
Impact
Successful exploitation will allow an attacker to gain access to credential information.
Impact Level: Application
Solution
Upgrade to version 1.07.16 for the My Net N900 and My Net N900.
For the My Net N600 and My Net N750, the solution is to revert to the earlier firmware 1.01.04 or 1.01.20, or to disable remote administrative access.
For updates refer to http://www.wdc.com/en
Insight
The issue is due to the device storing the admin password in clear text in the source of the main_internet.php page, as the value of 'var pass'.
Affected
Western Digital My Net N600 1.03, 1.04,
Western Digital My Net N750 1.03, 1.04,
Western Digital My Net N900 1.05, 1.06 and
Western Digital My Net N900C 1.05, 1.06
Detection
Send a crafted HTTP request and check whether the password can be read.
Severity
Classification
- CVE: CVE-2013-5006
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N