mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-30 18:56:19 +00:00
743 B
743 B
CVE-2021-36225
Description
Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation.
POC
Reference
- https://github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Tokyo_2020/weekend_destroyer/weekend_destroyer.md
- https://www.youtube.com/watch?v=vsg9YgvGBec
Github
No PoCs found on GitHub currently.