First published: Wed Nov 13 2019(Updated: )
Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest accounts) to remotely execute arbitrary code via a download_mgr.cgi stack-based buffer overflow.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Western Digital My Cloud EX2 Ultra firmware | =2.31.195 | |
Western Digital My Cloud EX2 Ultra |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-18929 is a vulnerability in the Western Digital My Cloud EX2 Ultra firmware 2.31.183 that allows web users, including guest accounts, to remotely execute arbitrary code via a stack-based buffer overflow in the download_mgr.cgi script.
CVE-2019-18929 has a severity rating of 8.8 (critical).
If you are using the Western Digital My Cloud EX2 Ultra firmware version 2.31.183, your system is vulnerable to remote code execution by web users, including guest accounts.
To fix CVE-2019-18929, you should update your Western Digital My Cloud EX2 Ultra firmware to version 2.31.195 or later.
You can find more information about CVE-2019-18929 in the following references: [GitHub Description](https://github.com/DelspoN/CVE/blob/master/CVE-2019-18929/description.txt), [GitHub Repository](https://github.com/DelspoN/CVE/tree/master/CVE-2019-18929).