CVE-2019-18931

Published: Nov 13, 2019Modified: Jun 17, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via crafted GET/POST parameters.

Affected (1)

Products: Western Digital: My Cloud Ex2 Ultra Firmware

Western Digital

1 product

My Cloud Ex2 Ultra Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Western Digital My Cloud Ex2 Ultra Firmware	Version 2.31.195

Running on/with	Platform Versions
Western Digital My Cloud Ex2 Ultra	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (4)

https://github.com/DelspoN/CVE/blob/master/CVE-2019-18931/description.txt

Source: cve@mitre.org

Third Party Advisory

https://github.com/DelspoN/CVE/tree/master/CVE-2019-18931

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/DelspoN/CVE/blob/master/CVE-2019-18931/description.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/DelspoN/CVE/tree/master/CVE-2019-18931

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.