WD TV Live Hub Compromised - Multiple Vulnerabilities Found By Dr. Alberto Fontanella
Dr. Alberto Fontanella found on (Western Digital) WD TV Live Hub appliance with the last firmware installed (2.06.10) and 3 exploits to get admin password, deface appliance and get root shell:
Author: Dr. Alberto Fontanella
E-mail: itsicurezza<0x40>yahoo.it
Web: www.fulgursec.com
Vendor: Western Digital
Vendor Web: www.wdc.com
Version: WD TV Live Hub <= 2.06.10 (firmware) ALL VERSIONS
Type: Appliance
Issues: Storage Anonymous Access, Full Path Disclosure, Bypass Authentication Schema, Appliance Command Execution, DoS, OS , Command Execution, Root Shell ;-)
* AF - Owning WD TV Live Hub
FILE: AF-Owning_WD_TV_Live_Hub.pdf
INFO: Paper that shows all issues found on WD TV Live Hub and how use it to get Root!
* AF - PoC/Exploit WD TV Live Hub Get Admin Password
FILE: AF-WD_TV_Live_Hub_password.sh
INFO: Exploit (Bypass Authentication Schema) to Get Admin Password of Web Console
* AF - PoC/Exploit WD TV Live Hub Deface
FILE: AF-WD_TV_Live_Hub_deface.sh
INFO: Exploit (Appliance Command Execution) to Deface WD TV Live Hub
*AF - PoC/Exploit WD TV Live Hub Get Root Shell
FILE: AF-WD_TV_Live_Hub_root_shell.sh
INFO: Exploit (OS Command Execution) to Get Root Shell
Download all Files Here
Dr. Alberto Fontanella found on (Western Digital) WD TV Live Hub appliance with the last firmware installed (2.06.10) and 3 exploits to get admin password, deface appliance and get root shell:
Author: Dr. Alberto Fontanella
E-mail: itsicurezza<0x40>yahoo.it
Web: www.fulgursec.com
Vendor: Western Digital
Vendor Web: www.wdc.com
Version: WD TV Live Hub <= 2.06.10 (firmware) ALL VERSIONS
Type: Appliance
Issues: Storage Anonymous Access, Full Path Disclosure, Bypass Authentication Schema, Appliance Command Execution, DoS, OS , Command Execution, Root Shell ;-)
* AF - Owning WD TV Live Hub
FILE: AF-Owning_WD_TV_Live_Hub.pdf
INFO: Paper that shows all issues found on WD TV Live Hub and how use it to get Root!
* AF - PoC/Exploit WD TV Live Hub Get Admin Password
FILE: AF-WD_TV_Live_Hub_password.sh
INFO: Exploit (Bypass Authentication Schema) to Get Admin Password of Web Console
* AF - PoC/Exploit WD TV Live Hub Deface
FILE: AF-WD_TV_Live_Hub_deface.sh
INFO: Exploit (Appliance Command Execution) to Deface WD TV Live Hub
*AF - PoC/Exploit WD TV Live Hub Get Root Shell
FILE: AF-WD_TV_Live_Hub_root_shell.sh
INFO: Exploit (OS Command Execution) to Get Root Shell
Download all Files Here
