CVE-2013-5006

Western Digital My Net - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-5006. PoCs published by Kyle Lovett.

AI-analyzed exploit summary This exploit leverages a plaintext password storage vulnerability in Western Digital My Net Series routers. By accessing a specific URL, an attacker can retrieve the admin password in cleartext without authentication.

Description

main_internet.php on the Western Digital My Net N600 and N750 with firmware 1.03.12 and 1.04.16, and the N900 and N900C with firmware 1.05.12, 1.06.18, and 1.06.28, allows remote attackers to discover the cleartext administrative password by reading the "var pass=" line within the HTML source code.

Exploits (1)

exploitdb WORKING POC
by Kyle Lovett · textwebappshardware
https://www.exploit-db.com/exploits/27288

This exploit leverages a plaintext password storage vulnerability in Western Digital My Net Series routers. By accessing a specific URL, an attacker can retrieve the admin password in cleartext without authentication.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Western Digital My Net Series Wireless Routers (N600, N750, N900, N900C) with vulnerable firmware versions
No auth needed
Prerequisites: UPnP and remote administrative access (port 8080) must be enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-07/0146.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/85903
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/95519
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-07/0133.html

Scores

EPSS 0.0456
EPSS Percentile 90.4%

Details

CWE
CWE-255
Status published
Products (3)
westerndigital/my_net_n750
westerndigital/my_net_n900
westerndigital/my_net_n900c
Published Jul 31, 2013
Tracked Since Feb 18, 2026