Arbitrary File Substitution Vulnerability in Western Digital and SanDisk SSD Dashboard

Arbitrary File Substitution Vulnerability in Western Digital and SanDisk SSD Dashboard

CVE-2019-13467 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Description: Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 applications are potentially vulnerable to man-in-the-middle attacks when the applications download resources from the Dashboard web service. This vulnerability may allow an attacker to substitute downloaded resources with arbitrary files.

Learn more about our Web App Pen Testing.