medium
6.3
CWE
522
Advisory Published
Updated

CVE-2019-10706

First published: Tue Mar 10 2020(Updated: )

Western Digital SanDisk SanDisk X300, X300s, X400, and X600 devices: The firmware update authentication method relies on a symmetric HMAC digest. The key used to validate this digest is present in a protected area of the device, and if extracted could be used to install arbitrary firmware to other devices.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Westerndigital Sandisk X600 SD9TB8W-128G Firmware<x6112100
Westerndigital Sandisk X600 SD9TB8W-128G Firmware
Westerndigital Sandisk X600 Sd9tb8w-256g Firmware<x6112100
Westerndigital Sandisk X600 Sd9tb8w-256g Firmware
Westerndigital Sandisk X600 Sd9tb8w-512g Firmware<x6112100
Westerndigital Sandisk X600 Sd9tb8w-512g Firmware
Westerndigital Sandisk X600<x6112100
Westerndigital Sandisk X600 Sd9tb8w-1t00 Firmware
Westerndigital Sandisk X600 Sd9tb8w-2t00 Firmware<x6112100
Westerndigital Sandisk X600 Sd9tb8w-2t00 Firmware
Westerndigital Sandisk X600 SD9TN8W-128G<x6112100
Westerndigital Sandisk X600
Westerndigital Sandisk X600 Sd9tn8w-256g Firmware<x6112100
Westerndigital Sandisk X600 Sd9tn8w-256g Firmware
Westerndigital Sandisk X600 Sd9tn8w-512g Firmware<x6112100
Westerndigital Sandisk X600 Sd9tn8w-512g Firmware
Westerndigital Sandisk X600<x6112100
Westerndigital Sandisk X600 Sd9tn8w-1t00 Firmware
Westerndigital Sandisk X600 Sd9tn8w-2t00 Firmware<x6112100
Westerndigital Sandisk X600 Sd9tn8w-2t00 Firmware
Western Digital SanDisk X600 SD9SB8W-128G<x6112100
Western Digital SanDisk X600 SD9SB8W-128G
Westerndigital Sandisk X600 Sd9sb8w-256g Firmware<x6112100
Westerndigital Sandisk X600 Sd9sb8w-256g Firmware
Westerndigital Sandisk X600 Sd9sb8w-512g Firmware<x6112100
Western Digital SanDisk X600
Westerndigital Sandisk X600 Sd9sb8w-1t00<x6112100
Westerndigital Sandisk X600 Sd9sb8w-1t00 Firmware
Westerndigital Sandisk X600 Sd9sb8w-2t00 Firmware<x6112100
Westerndigital Sandisk X600 Sd9sb8w-2t00 Firmware
Western Digital SanDisk X600 SD9SN8W-128G<x6112100
Western Digital SanDisk X600 SD9SN8W-128G
Westerndigital Sandisk X600 Sd9sn8w-256g Firmware<x6112100
Westerndigital Sandisk X600
Western Digital SanDisk X600 SD9SN8W-512G<x6112100
Western Digital SanDisk X600 SD9SN8W-512G
Westerndigital Sandisk X600<x6112100
Westerndigital Sandisk X600
Westerndigital Sandisk X600 Sd9sn8w-2t00 Firmware<x6112100
Westerndigital Sandisk X600 Sd9sn8w-2t00 Firmware
Western Digital SanDisk X300s SD7SB3Q-064G Firmware
Westerndigital Sandisk X300s
Westerndigital Sandisk X300s
Westerndigital Sandisk X300s Sd7sn3q-064g Firmware
Westerndigital Sandisk X300s SD7UB2Q-010T
Westerndigital Sandisk X300s
Westerndigital Sandisk X300s SD7UB2Q-512G
Westerndigital Sandisk X300s
Westerndigital Sandisk X300s
Westerndigital Sandisk X300s
Western Digital SanDisk X300s
Westerndigital Sandisk X300s Sd7ub3q-256g Firmware
Westerndigital Sandisk X300s SD7UN3Q-128G
Westerndigital Sandisk X300s
Western Digital SanDisk X300s
Westerndigital Sandisk X300s Sd7un3q-256g Firmware
Westerndigital Sandisk X300s SD7UN3Q-512G
Westerndigital Sandisk X300s
Westerndigital Sandisk X400
Westerndigital Sandisk X400 Sd8sb8u-128g Firmware
Westerndigital Sandisk X400
Westerndigital Sandisk X400 Sd8sb8u-128g-1122 Firmware
Westerndigital Sandisk X400 Sd8sb8u-1t00 Firmware
Westerndigital Sandisk X400
Westerndigital Sandisk X400
Westerndigital Sandisk X400
Westerndigital Sandisk X400
Westerndigital Sandisk X400 Sd8sb8u-256g Firmware
Westerndigital Sandisk X400 Sd8sb8u-256g Firmware
Westerndigital Sandisk X400 Sd8sb8u-256g Firmware
Westerndigital Sandisk X400 SD8SB8U-512G Firmware
Westerndigital Sandisk X400
Westerndigital Sandisk X400 SD8SB8U-512G Firmware
Westerndigital Sandisk X400
Westerndigital Sandisk X400
Westerndigital Sandisk X400
Westerndigital Sandisk X400
Westerndigital Sandisk X400 Sd8sn8u-128g-1122 Firmware
Westerndigital Sandisk X400 Sd8sb8u-1t00 Firmware
Westerndigital Sandisk X400 Sd8sn8u-1t00 Firmware
Westerndigital Sandisk X400
Westerndigital Sandisk X400 Sd8sb8u-1t00-1122 Firmware
Westerndigital Sandisk X400 Sd8sn8u-256g Firmware
Westerndigital Sandisk X400 Sd8sn8u-256g Firmware
Westerndigital Sandisk X400 Sd8sn8u-256g Firmware
Westerndigital Sandisk X400 Sd8sb8u-256g-1122
Westerndigital Sandisk X400
Westerndigital Sandisk X400 Sd8sn8u-512g Firmware
Westerndigital Sandisk X400 Sd8sn8u-512g Firmware
Westerndigital Sandisk X400 Sd8sn8u-512g Firmware
Westerndigital Sandisk X400
Westerndigital Sandisk X400 Sd8tb8u-128g-1122 Firmware
Westerndigital Sandisk X400
Westerndigital Sandisk X400 Sd8tb8u-1t00-1122 Firmware
Western Digital SanDisk X400 SD8TB8U-256G-1122 Firmware
Western Digital SanDisk X400 SD8TB8U-256G-1122 Firmware
Western Digital SanDisk X400
Western Digital SanDisk X400
Western Digital SanDisk X300
Western Digital SanDisk X300
Westerndigital Sandisk X300 Sd7sb6s-256g
Westerndigital Sandisk X300 Sd7sb6s-256g Firmware
Westerndigital Sandisk X300 Sd7sb7s-010t Firmware
Westerndigital Sandisk X300
Westerndigital Sandisk X300
Westerndigital Sandisk X300 Sd7sb7s-512g Firmware
Westerndigital Sandisk X300
Westerndigital Sandisk X300 Sd7sf6s-128g Firmware
Westerndigital Sandisk X300 Sd7sb6s-256g Firmware
Westerndigital Sandisk X300
Westerndigital Sandisk X300
Westerndigital Sandisk X300
Western Digital SanDisk X300 SD7SN6S-128G Firmware
Western Digital SanDisk X300 SD7SN6S-128G Firmware
Westerndigital Sandisk X300 SD7SN6S-256G
Westerndigital Sandisk X300 SD7SN6S-256G
Westerndigital Sandisk X300
Westerndigital Sandisk X300

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2019-10706?

    CVE-2019-10706 has been assigned a medium severity rating due to the potential for unauthorized firmware installation using extracted keys.

  • How do I fix CVE-2019-10706?

    To mitigate CVE-2019-10706, updating the firmware to the latest version from Western Digital is essential to close the authentication vulnerability.

  • What products are affected by CVE-2019-10706?

    CVE-2019-10706 affects Western Digital's SanDisk X300, X300s, X400, and X600 SSD devices running specific firmware versions.

  • What type of vulnerability is CVE-2019-10706?

    CVE-2019-10706 is an authentication vulnerability that allows the installation of arbitrary firmware if the HMAC key is compromised.

  • Is CVE-2019-10706 actively being exploited?

    As of now, there are no public reports confirming active exploitation of CVE-2019-10706.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203