Description
main_internet.php on the Western Digital My Net N600 and N750 with firmware 1.03.12 and 1.04.16, and the N900 and N900C with firmware 1.05.12, 1.06.18, and 1.06.28, allows remote attackers to discover the cleartext administrative password by reading the "var pass=" line within the HTML source code.
Exploits (1)
exploitdb
WORKING POC
by Kyle Lovett · textwebappshardware
https://www.exploit-db.com/exploits/27288
References (4)
Core 4
Core References
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-07/0146.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/85903
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/95519
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-07/0133.html
Scores
EPSS
0.0827
EPSS Percentile
92.3%
Details
CWE
CWE-255
Status
published
Products (3)
westerndigital/my_net_n750
westerndigital/my_net_n900
westerndigital/my_net_n900c
Published
Jul 31, 2013
Tracked Since
Feb 18, 2026