← Back to CVEs
CVE-2021-33205
HIGH8.8
Description
Western Digital EdgeRover before 0.25 has an escalation of privileges vulnerability where a low privileged user could load malicious content into directories with higher privileges, because of how Node.js is used. An attacker can gain admin privileges and carry out malicious activities such as creating a fake library and stealing user credentials.
CVE Details
CVSS v3.1 Score8.8
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published6/11/2021
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
westerndigital:edgerover
References
https://www.westerndigital.com/support/productsecurity/wdc-21007-edgerover-windows-app-ver-0-25(cve@mitre.org)
https://www.westerndigital.com/support/productsecurity/wdc-21007-edgerover-windows-app-ver-0-25(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.