WD TV Live Hub Compromised - Multiple Vulnerabilities Found By Dr. Alberto Fontanella
The Hacker News

Dr. Alberto Fontanella found on (Western Digital) WD TV Live Hub appliance with the last firmware installed (2.06.10) and 3 exploits to get admin password, deface appliance and get root shell:

Author: Dr. Alberto Fontanella
E-mail: itsicurezza<0x40>yahoo.it
Web: www.fulgursec.com

Vendor: Western Digital
Vendor Web: www.wdc.com
Version: WD TV Live Hub <= 2.06.10 (firmware) ALL VERSIONS
Type: Appliance
Issues: Storage Anonymous Access, Full Path Disclosure, Bypass Authentication Schema, Appliance Command Execution, DoS, OS , Command Execution, Root Shell ;-)

* AF - Owning WD TV Live Hub
FILE: AF-Owning_WD_TV_Live_Hub.pdf
INFO: Paper that shows all issues found on WD TV Live Hub and how use it to get Root!

* AF - PoC/Exploit WD TV Live Hub Get Admin Password
FILE: AF-WD_TV_Live_Hub_password.sh
INFO: Exploit (Bypass Authentication Schema) to Get Admin Password of Web Console

* AF - PoC/Exploit WD TV Live Hub Deface
FILE: AF-WD_TV_Live_Hub_deface.sh
INFO: Exploit (Appliance Command Execution) to Deface WD TV Live Hub

*AF - PoC/Exploit WD TV Live Hub Get Root Shell
FILE: AF-WD_TV_Live_Hub_root_shell.sh
INFO: Exploit (OS Command Execution) to Get Root Shell

Download all Files Here
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.