CVE-2021-35941
published 2021-06-29
CVE-2021-35941: Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory restore…
Priority: P276 · high · CVSS 3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 12.71% (95.8th percentile)
Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory restore without authentication, as exploited in the wild in June 2021, a different vulnerability than CVE-2018-18472.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| westerndigital | wd_my_book_live_firmware | >= 2.0 | — |
Detection & IOCs (extracted from sources)
- Check Point IPS provides a signature for the related WD MyBook Live remote code execution vulnerability; monitor for IPS rule triggers on WD My Book Live devices
- The vulnerability allows unauthenticated factory restore via the administrator API on WD My Book Live (2.x and later) and WD My Book Live Duo (all versions); monitor for unauthenticated POST/GET requests to the factory restore API endpoint on these devices
- CVE-2021-35941 is a distinct vulnerability from CVE-2018-18472; the two are separate flaws affecting the same device family and should not be conflated in detection rules
- The vulnerability description labels it an 'Authenticated factory reset flaw', but the NVD description clarifies it requires NO authentication; detection logic should not require an authenticated session as a precondition
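CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| vulncheck | — | 9.8 | CRITICAL | — |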
GHSA
GHSA-mc72-rv83-h28w: Western Digital WD My Book Live (2
ghsa_unreviewed · 2022-05-24 · CVSS 9.8
CVE-2021-35941 [CRITICAL] CWE-287 GHSA-mc72-rv83-h28w: Western Digital WD My Book Live (2
Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory restore without authentication, as exploited in the wild in June 2021, a different vulnerability than CVE-2018-18472.
VulnCheck
Western Digital wd_my_book_live_firmware Missing Authentication for Critical Function
vulncheck · 2021 · CVSS 9.8
CVE-2021-35941 [CRITICAL] Western Digital wd_my_book_live_firmware Missing Authentication for Critical Function
Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory restore without authentication, as exploited in the wild in June 2021, a different vulnerability than CVE-2018-18472.
Affected: Western Digital wd_my_book_live_firmware
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.cve.org/CVERecord?id=CVE-2021-35941; https://www.westerndigital.com/support/product-security/wdc-21008-recommended-security-measures-wd-mybooklive-wd-mybookliveduo
No detection rules found.
No public exploits indexed.
- https://arstechnica.com/gadgets/2021/06/hackers-exploited-0-day-not-2018-bug-to-mass-wipe-my-book-live-devices/
- https://www.westerndigital.com/support/productsecurity/wdc-21008-recommended-security-measures-wd-mybooklive-wd-mybookliveduo