Details of VAR-202106-1091

ID

VAR-202106-1091

CVE

CVE-2021-35941

TITLE

Unidentified vulnerability exists in Western Digital WD My Book Live

Trust: 0.6

sources: CNVD: CNVD-2021-55172

DESCRIPTION

Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory restore without authentication, as exploited in the wild in June 2021, a different vulnerability than CVE-2018-18472. Western Digital WD My Book Live is a network storage device of Western Digital (Western Digital). The vulnerability stems from the product having an administrator API. Attackers can use this vulnerability to perform system factory recovery without authentication. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.07

sources: NVD: CVE-2021-35941 // CNVD: CNVD-2021-55172 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-35941

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-55172

AFFECTED PRODUCTS

vendor:	westerndigital	model:	wd my book live	scope:	gte	version:	2.0	Trust: 1.0
vendor:	westerndigital	model:	wd my book live duo	scope:	eq	version:	*	Trust: 1.0
vendor:	western	model:	digital wd my book live	scope:	lte	version:	<=2.*	Trust: 0.6

sources: CNVD: CNVD-2021-55172 // NVD: CVE-2021-35941

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-35941
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2021-55172
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-1959
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-35941
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-35941
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2021-55172
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-35941
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2021-55172 // VULMON: CVE-2021-35941 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1959 // NVD: CVE-2021-35941

PROBLEMTYPE DATA

problemtype:

CWE-306

Trust: 1.0

sources: NVD: CVE-2021-35941

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-1959

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	Patch for Unidentified vulnerability exists in Western Digital WD My Book Live	url:	https://www.cnvd.org.cn/patchInfo/show/282101	Trust: 0.6
title:	Western Digital WD My Book Live Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156056	Trust: 0.6
title:	Threatpost	url:	https://threatpost.com/zero-day-wipe-my-book-live/167422/	Trust: 0.1

sources: CNVD: CNVD-2021-55172 // VULMON: CVE-2021-35941 // CNNVD: CNNVD-202106-1959

EXTERNAL IDS

db:	NVD	id:	CVE-2021-35941	Trust: 2.3
db:	CNVD	id:	CNVD-2021-55172	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021063021	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-1959	Trust: 0.6
db:	VULMON	id:	CVE-2021-35941	Trust: 0.1

sources: CNVD: CNVD-2021-55172 // VULMON: CVE-2021-35941 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1959 // NVD: CVE-2021-35941

REFERENCES

url:	https://www.westerndigital.com/support/productsecurity/wdc-21008-recommended-security-measures-wd-mybooklive-wd-mybookliveduo	Trust: 1.7
url:	https://arstechnica.com/gadgets/2021/06/hackers-exploited-0-day-not-2018-bug-to-mass-wipe-my-book-live-devices/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-35941	Trust: 1.2
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021063021	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/zero-day-wipe-my-book-live/167422/	Trust: 0.1

sources: CNVD: CNVD-2021-55172 // VULMON: CVE-2021-35941 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1959 // NVD: CVE-2021-35941

SOURCES

db:	CNVD	id:	CNVD-2021-55172
db:	VULMON	id:	CVE-2021-35941
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202106-1959
db:	NVD	id:	CVE-2021-35941

LAST UPDATE DATE

2024-08-14T13:06:19.137000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-55172	date:	2021-07-27T00:00:00
db:	VULMON	id:	CVE-2021-35941	date:	2021-07-06T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202106-1959	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-35941	date:	2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-55172	date:	2021-07-20T00:00:00
db:	VULMON	id:	CVE-2021-35941	date:	2021-06-29T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202106-1959	date:	2021-06-29T00:00:00
db:	NVD	id:	CVE-2021-35941	date:	2021-06-29T21:15:07.880