This host is running Western Digital My Net Router and is prone to information disclosure vulnerability.

Successful exploitation will allow attacker to gain access to credential information. Impact Level: Application

Upgrade to version 1.07.16, for the My Net N900 and My Net N900. For My Net N600 and My Net N750 solution is to revert to the earlier firmware of 1.01.04 or 1.01.20, or disable remote administrative access. For updates refer to http://www.wdc.com/en

The issue is due to the device storing the admin password in clear text in the main_internet.php source code page as the value for 'var pass'.

Western Digital My Net N600 1.03, 1.04, Western Digital My Net N750 1.03, 1.04, Western Digital My Net N900 1.05, 1.06 and Western Digital My Net N900C 1.05, 1.06

Send a crafted data via HTTP request and check whether it is able to read the password or not.

• http://archives.neohapsis.com/archives/bugtraq/2013-07/0146.html
• http://seclists.org/bugtraq/2013/Aug/10
• http://www.osvdb.org/95519
• http://www.securityfocus.com/archive/1/527433
• http://xforce.iss.net/xforce/xfdb/85903

---

Updated on 2015-03-25