What is CVE-2017-17560?

CVE-2017-17560 is a vulnerability that affects Western Digital MyCloud PR4100 2.30.172 devices, allowing unauthorized users to upload files to any location on the device's file system.

How severe is CVE-2017-17560?

CVE-2017-17560 has a severity score of 9.8 out of 10, indicating a critical vulnerability.

How can an attacker exploit CVE-2017-17560?

An attacker can exploit CVE-2017-17560 by accessing the /web/jquery/uploader/multi_uploadify.php component of the device's web administration without authentication and uploading a file to any location on the device's file system.

Are all versions of Western Digital MyCloud PR4100 affected by CVE-2017-17560?

No, only version 2.30.172 of Western Digital MyCloud PR4100 firmware is affected by CVE-2017-17560.

Is there a fix for CVE-2017-17560?

Yes, it is recommended to update the firmware of the affected Western Digital MyCloud PR4100 devices to a version that includes the security patch for CVE-2017-17560.

Vulnerability/
CVE-2017-17560

critical

CWE

287

12/12/2017

28/5/2019

CVE-2017-17560

First published: Tue Dec 12 2017(Updated: )

An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Westerndigital My Cloud Pr4100 Firmware	=2.30.172
Westerndigital My Cloud Pr4100

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2017-17560?
CVE-2017-17560 is a vulnerability that affects Western Digital MyCloud PR4100 2.30.172 devices, allowing unauthorized users to upload files to any location on the device's file system.
How severe is CVE-2017-17560?
CVE-2017-17560 has a severity score of 9.8 out of 10, indicating a critical vulnerability.
How can an attacker exploit CVE-2017-17560?
An attacker can exploit CVE-2017-17560 by accessing the /web/jquery/uploader/multi_uploadify.php component of the device's web administration without authentication and uploading a file to any location on the device's file system.
Are all versions of Western Digital MyCloud PR4100 affected by CVE-2017-17560?
No, only version 2.30.172 of Western Digital MyCloud PR4100 firmware is affected by CVE-2017-17560.
Is there a fix for CVE-2017-17560?
Yes, it is recommended to update the firmware of the affected Western Digital MyCloud PR4100 devices to a version that includes the security patch for CVE-2017-17560.

collector/nvd-index
agent/severity
agent/weakness
agent/references
agent/author
agent/tags
agent/type
agent/description
agent/event
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
vendor/westerndigital
canonical/westerndigital my cloud pr4100 firmware
version/westerndigital my cloud pr4100 firmware/2.30.172
canonical/westerndigital my cloud pr4100

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.