CVE-2019-10706
MEDIUMWestern Digital SanDisk X300 X300s X400 X600 Firmware < x6112100 - Insufficiently Protected Credentials
Title source: llmDescription
Western Digital SanDisk SanDisk X300, X300s, X400, and X600 devices: The firmware update authentication method relies on a symmetric HMAC digest. The key used to validate this digest is present in a protected area of the device, and if extracted could be used to install arbitrary firmware to other devices.
References (3)
Core 3
Core References
Product x_refsource_misc
https://support.wdc.com/cat_products.aspx?ID=6&lang=en
Vendor Advisory x_refsource_misc
https://www.westerndigital.com/support/productsecurity/wdc-19006-sandisk-x600-sata-ssd
Vendor Advisory x_refsource_misc
https://www.westerndigital.com/support/productsecurity/wdc-19007-sandisk-x300-x400-sata-ssd
Scores
CVSS v3
6.3
EPSS
0.0028
EPSS Percentile
19.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
Details
CWE
CWE-522
Status
published
Products (50)
westerndigital/sandisk_x300_sd7sb6s-128g_firmware
westerndigital/sandisk_x300_sd7sb6s-256g_firmware
westerndigital/sandisk_x300_sd7sb7s-010t_firmware
westerndigital/sandisk_x300_sd7sb7s-512g_firmware
westerndigital/sandisk_x300_sd7sf6s-128g_firmware
westerndigital/sandisk_x300_sd7sf6s-256g_firmware
westerndigital/sandisk_x300_sd7sf6s-512g_firmware
westerndigital/sandisk_x300_sd7sn6s-128g_firmware
westerndigital/sandisk_x300_sd7sn6s-256g_firmware
westerndigital/sandisk_x300_sd7sn6s-512g_firmware
... and 40 more
Published
Mar 10, 2020
Tracked Since
Feb 18, 2026