Vulnerabilities > CVE-2013-5006 - Credentials Management vulnerability in Westerndigital MY NET N750, MY NET N900 and MY NET N900C
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
main_internet.php on the Western Digital My Net N600 and N750 with firmware 1.03.12 and 1.04.16, and the N900 and N900C with firmware 1.05.12, 1.06.18, and 1.06.28, allows remote attackers to discover the cleartext administrative password by reading the "var pass=" line within the HTML source code.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Hardware | 3 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | Western Digital My Net Wireless Routers - Password Disclosure. CVE-2013-5006. Webapps exploit for hardware platform |
id | EDB-ID:27288 |
last seen | 2016-02-03 |
modified | 2013-08-02 |
published | 2013-08-02 |
reporter | Kyle Lovett |
source | https://www.exploit-db.com/download/27288/ |
title | Western Digital My Net Wireless Routers - Password Disclosure |
Nessus
NASL family | CGI abuses |
NASL id | WD_MY_NET_PASSWORD_DISCLOSURE.NASL |
description | The web server for the Western Digital My Net router identified is affected by an information disclosure vulnerability. The admin password is stored in plaintext as the value for |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 69370 |
published | 2013-08-15 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/69370 |
title | Western Digital My Net Router main_internet.php Admin Credential Disclosure |
code |
|
Packetstorm
data source | https://packetstormsecurity.com/files/download/122640/wdmynetn-disclose.txt |
id | PACKETSTORM:122640 |
last seen | 2016-12-05 |
published | 2013-08-01 |
reporter | Kyle Lovett |
source | https://packetstormsecurity.com/files/122640/Western-Digital-My-Net-Password-Disclosure.html |
title | Western Digital My Net Password Disclosure |
Seebug
bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:80902 |
last seen | 2017-11-19 |
modified | 2014-07-01 |
published | 2014-07-01 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-80902 |
title | Western Digital My Net Wireless Routers - Password Disclosure |