CVE-2021-35941
First published: Tue Jun 29 2021(Updated: )
Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory restore without authentication, as exploited in the wild in June 2021, a different vulnerability than CVE-2018-18472.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Westerndigital Wd My Book Live Firmware | >=2.0 | |
| Westerndigital Wd My Book Live | ||
| Westerndigital Wd My Book Live Duo Firmware | ||
| Westerndigital Wd My Book Live Duo |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of Western Digital My Book Live and My Book Live Duo?
The vulnerability ID is CVE-2021-35941.
What is the severity rating of CVE-2021-35941?
The severity rating is high with a score of 7.5.
What is affected by CVE-2021-35941?
Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) are affected.
How can CVE-2021-35941 be exploited?
The vulnerability allows an attacker to perform a system factory restore without authentication.
Are there any recommended security measures for WD My Book Live and My Book Live Duo?
Yes, Western Digital has provided recommended security measures. Please refer to their official support page for more information.
- collector/nvd-index
- agent/author
- agent/weakness
- agent/severity
- agent/references
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/westerndigital
- canonical/westerndigital wd my book live firmware
- version/westerndigital wd my book live firmware/2.0
- canonical/westerndigital wd my book live
- canonical/westerndigital wd my book live duo firmware
- canonical/westerndigital wd my book live duo