{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-18T02:55:37.084","vulnerabilities":[{"cve":{"id":"CVE-2018-9148","sourceIdentifier":"cve@mitre.org","published":"2018-03-30T19:29:00.397","lastModified":"2026-06-17T02:06:09.653","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for attackers to bypass authentication by listing a directory. NOTE: this can be exploited in conjunction with CVE-2018-7171 for remote authentication bypass within a product that uses My Cloud."},{"lang":"es","value":"Los dispositivos Western Digital WD My Cloud v04.05.00-320 incrustan el token de sesión (también conocido como PHPSESSID) en los nombres de los archivos, lo que hace que sea más fácil para los atacantes omitir la autenticación al listar un directorio. NOTA: esto se puede explotar junto con CVE-2018-7171 para omitir la autenticación remota en un producto que utiliza My Cloud."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:westerndigital:my_cloud_firmware:04.05.00-320:*:*:*:*:*:*:*","matchCriteriaId":"19D9AD8B-B95B-48DE-8820-51A0EC427671"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:westerndigital:my_cloud:-:*:*:*:*:*:*:*","matchCriteriaId":"3A9EE86B-05EE-4F2E-A912-624DDCF9C41B"}]}]}],"references":[{"url":"https://exploit-db.com/exploits/44350/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://exploit-db.com/exploits/44350/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}}]}