cbcvebase.
CVE-2021-35941
published 2021-06-29

CVE-2021-35941: Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory restore…

Priority: P276 high · CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploited in the wild (ITW) · VulnCheck KEV
EPSS: 12.71% (95.8th percentile)

Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory restore without authentication, as exploited in the wild in June 2021, a different vulnerability than CVE-2018-18472.

Affected

1 range
Vendor | Product | Version range | Fixed in
westerndigital | wd_my_book_live_firmware | >= 2.0 |

Detection & IOCs (extracted from sources)

  • Check Point IPS provides a signature for the related WD MyBook Live remote code execution vulnerability; monitor for IPS rule triggers on WD My Book Live devices
  • The vulnerability allows unauthenticated factory restore via the administrator API on WD My Book Live (2.x and later) and WD My Book Live Duo (all versions); monitor for unauthenticated POST/GET requests to the factory restore API endpoint on these devices
  • CVE-2021-35941 is a distinct vulnerability from CVE-2018-18472; the two are separate flaws affecting the same device family and should not be conflated in detection rules
  • The vulnerability description labels it an 'Authenticated factory reset flaw', but the NVD description clarifies it requires NO authentication; detection logic should not require an authenticated session as a precondition

CVSS provenance

nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P
vulncheck | 9.8 | CRITICAL