CVE-2021-33205 | Date: (C)2021-06-12 (M)2023-12-22 |
Western Digital EdgeRover before 0.25 has an escalation of privileges vulnerability where a low privileged user could load malicious content into directories with higher privileges, because of how Node.js is used. An attacker can gain admin privileges and carry out malicious activities such as creating a fake library and stealing user credentials.
CVSS Score and Metrics +CVSS Score and Metrics -CVSS V3 Severity: | CVSS V2 Severity: |
CVSS Score : 8.8 | CVSS Score : 6.5 |
Exploit Score: 2.8 | Exploit Score: 8.0 |
Impact Score: 5.9 | Impact Score: 6.4 |
|
CVSS V3 Metrics: | CVSS V2 Metrics: |
Attack Vector: NETWORK | Access Vector: NETWORK |
Attack Complexity: LOW | Access Complexity: LOW |
Privileges Required: LOW | Authentication: SINGLE |
User Interaction: NONE | Confidentiality: PARTIAL |
Scope: UNCHANGED | Integrity: PARTIAL |
Confidentiality: HIGH | Availability: PARTIAL |
Integrity: HIGH | |
Availability: HIGH | |
| |