CVE-2018-18472
published 2019-06-19

Priority: P188, critical
CVSS 3.0: 9.8 (AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H)
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 30.28% (98.0th percentile)

Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device, as exploited in the wild in June 2021 for factory reset commands,

Affected

1 ranges

Vendor | Product | Version range | Fixed in
westerndigital | wd_my_book_live_firmware | >= 2.0 | -

Detection & IOCs (extracted from sources)

Other: CVE-2018-18472
  • Check Point IPS signature available for detection of exploitation attempts targeting CVE-2018-18472.
  • The vulnerability can be triggered by any remote attacker who knows the IP address of the affected device — no authentication required. Monitor for unauthenticated remote command execution attempts against WD My Book Live / My Book Live Duo devices exposed to the internet.
  • Exploitation observed in the wild in June 2021 resulting in factory reset commands being issued, wiping all data on affected devices. Investigate unexpected factory resets or mass data loss on WD My Book Live devices as a potential indicator of exploitation.
  • Affected devices (WD My Book Live and My Book Live Duo, all versions) received their final firmware update in 2015 and are end-of-life; no patch is available from the vendor. The attack surface is limited to devices directly reachable from the internet.
  • CVE-2018-18472 (root RCE) is a distinct vulnerability from CVE-2021-35941 (unauthenticated factory reset); both were exploited in the June 2021 campaign but require separate detection and remediation considerations.
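
Added example, not part of the original entry or of any vendor or Check Point tooling: one way to implement the monitoring described above over HTTP requests recorded by a reverse proxy or network sensor. The endpoint path and parameter name come from the description; the assumptions are that the parameter arrives URL-encoded in the query string or form body, that legitimate values are locale codes such as en_US, and every sample request is constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter name are taken from the CVE description.
TARGET_PATH = "/api/1.0/rest/language_configuration"
PARAM = "language"
# Assumption: legitimate values are locale codes such as en_US.
LOCALE_RE = re.compile(r"[A-Za-z]{2,3}(_[A-Za-z]{2})?")
# Characters a POSIX shell treats specially.
SHELL_META = set(";|&`$(){}<>\\'\"\n\r \t*?!#~")

def inspect_request(method, url, body=""):
    """Return a finding dict when a request to the vulnerable endpoint
    carries a language value that is not a plain locale code, else None."""
    parts = urlsplit(url)
    if parts.path.rstrip("/") != TARGET_PATH:
        return None
    # Assumption: the parameter is URL-encoded in the query string or form body.
    values = parse_qs(parts.query, keep_blank_values=True).get(PARAM, [])
    values += parse_qs(body, keep_blank_values=True).get(PARAM, [])
    for value in values:
        if LOCALE_RE.fullmatch(value):
            continue  # allow-listed shape, nothing to report
        meta = sorted(c for c in set(value) if c in SHELL_META)
        return {"method": method, "value": value, "metachars": meta,
                "reason": "shell metacharacters" if meta else "not a locale code"}
    return None

# Constructed sample requests (method, URL, body); not captured traffic.
# PLACEHOLDER stands in for whatever followed the metacharacter.
SAMPLES = [
    ("POST", "/api/1.0/rest/language_configuration", "language=en_US"),
    ("POST", "/api/1.0/rest/language_configuration", "language=en_US%60PLACEHOLDER%60"),
    ("PUT", "/api/1.0/rest/language_configuration?language=de_DE%3BPLACEHOLDER", ""),
    ("GET", "/api/1.0/rest/other_endpoint", ""),  # hypothetical unrelated path
    ("POST", "/api/1.0/rest/language_configuration", "language=klingon"),
]

def scan(samples):
    """Run inspect_request over (method, url, body) tuples; keep findings."""
    return [f for f in (inspect_request(*s) for s in samples) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLES):
        print(finding)
```

Because the check allow-lists the expected value shape instead of only deny-listing metacharacters, it also reports malformed values that contain no shell syntax.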

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C
vulncheck | - | 9.8 | CRITICAL | -