diff --git a/2018/18xxx/CVE-2018-18472.json b/2018/18xxx/CVE-2018-18472.json index 40f182eed23..5221aff066d 100644 --- a/2018/18xxx/CVE-2018-18472.json +++ b/2018/18xxx/CVE-2018-18472.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Western Digital WD My Book Live (all versions) has a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device." + "value": "Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device, as exploited in the wild in June 2021 for factory reset commands," } ] }, @@ -52,15 +52,20 @@ }, "references": { "reference_data": [ - { - "url": "https://www.wdc.com", - "refsource": "MISC", - "name": "https://www.wdc.com" - }, { "refsource": "MISC", "name": "https://www.wizcase.com/blog/hack-2018/", "url": "https://www.wizcase.com/blog/hack-2018/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.westerndigital.com/support/productsecurity/wdc-21008-recommended-security-measures-wd-mybooklive-wd-mybookliveduo", + "url": "https://www.westerndigital.com/support/productsecurity/wdc-21008-recommended-security-measures-wd-mybooklive-wd-mybookliveduo" + }, + { + "refsource": "MISC", + "name": "https://community.wd.com/t/action-required-on-my-book-live-and-my-book-live-duo/268147", + "url": "https://community.wd.com/t/action-required-on-my-book-live-and-my-book-live-duo/268147" } ] }