WD TV Live Hub Compromised - Multiple Vulnerabilities Found By Dr. Alberto Fontanella

Dr. Alberto Fontanella found on (Western Digital) WD TV Live Hub appliance with the last firmware installed (2.06.10) and 3 exploits to get admin password, deface appliance and get root shell:

Author: Dr. Alberto Fontanella
E-mail: itsicurezza<0x40>yahoo.it
Web: www.fulgursec.com

Vendor: Western Digital
Vendor Web: www.wdc.com
Version: WD TV Live Hub <= 2.06.10 (firmware) ALL VERSIONS
Type: Appliance
Issues: Storage Anonymous Access, Full Path Disclosure, Bypass Authentication Schema, Appliance Command Execution, DoS, OS , Command Execution, Root Shell ;-)

* AF - Owning WD TV Live Hub
FILE: AF-Owning_WD_TV_Live_Hub.pdf
INFO: Paper that shows all issues found on WD TV Live Hub and how use it to get Root!

* AF - PoC/Exploit WD TV Live Hub Get Admin Password
FILE: AF-WD_TV_Live_Hub_password.sh
INFO: Exploit (Bypass Authentication Schema) to Get Admin Password of Web Console

* AF - PoC/Exploit WD TV Live Hub Deface
FILE: AF-WD_TV_Live_Hub_deface.sh
INFO: Exploit (Appliance Command Execution) to Deface WD TV Live Hub

*AF - PoC/Exploit WD TV Live Hub Get Root Shell
FILE: AF-WD_TV_Live_Hub_root_shell.sh
INFO: Exploit (OS Command Execution) to Get Root Shell

Download all Files Here
Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.