CVE-2017-17560
CRITICAL · EXPLOITED
Western Digital My Cloud PR4100 Firmware - Authentication Bypass
Title source: ruleDescription
An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker to upload a PHP shell onto the device and obtain arbitrary code execution as root.
Exploits (2)
exploitdb · WORKING POC · VERIFIED · by Metasploit · ruby · remote · php
https://www.exploit-db.com/exploits/43356
metasploit · WORKING POC · EXCELLENT · ruby · poc · php
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/wd_mycloud_multiupload_upload.rb
Scores
CVSS v3: 9.8
EPSS: 0.8338
EPSS Percentile: 99.3%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV: 2024-01-22
CWE: CWE-287
Status: published
Products (1)
westerndigital/my_cloud_pr4100_firmware 2.30.172
Published: Dec 12, 2017
Tracked Since: Feb 18, 2026