Critical severity9.8NVD Advisory· Published Dec 12, 2017· Updated Jun 17, 2026
CVE-2017-17560
CVE-2017-17560
Description
An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- cpe:2.3:o:westerndigital:my_cloud_pr4100_firmware:2.30.172:*:*:*:*:*:*:*
- Range: = 2.30.172
Patches
Vulnerability mechanics
References
3- download.exploitee.rs/file/generic/Exploiteers-DEFCON25.pdfnvdExploitThird Party Advisory
- www.exploit-db.com/exploits/43356/nvdExploitThird Party AdvisoryVDB Entry
- github.com/rapid7/metasploit-framework/pull/9248nvdThird Party Advisory
News mentions
0No linked articles in our index yet.