← back
CVE-2019-16399

CVE-2019-16399

EPSS 7.1%
Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to access the /admin/ directory without credentials. An attacker can easily enable SSH from /admin/system_advanced.php?lang=en and login with the default root password welc0me.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/154524/Western-Digital-My-Book-World-II-NAS-1.02.12-Hardcoded-Credential.htmlunverifiedexploitdbwww.exploit-db.com/exploits/47399unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/154524/Western-Digital-My-Book-World-II-NAS-1.02.12-Hardcoded-Credential.htmlhttps://gist.github.com/pak0s/22ad6bae26198ebcd137b61adb6fcfe6