CVE-2016-10107

Name: CVE-2016-10107
Creator: NVD / NIST
Published: 2017-01-03T06:59:00.213+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 11.14%

Last modified Jun 17, 2026

CVE-2016-10107 is a vulnerability of currently unknown severity. Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header.. EPSS estimates a 11.14% chance of exploitation in the next 30 days.

Description

Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header.

Metrics

EPSS Probability

11.14%

95.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-77

Affected Software

Vendor	Product	Versions
Western Digital	Mycloud Nas	2.11.142

References

http://www.securityfocus.com/bid/95201
https://www.stevencampbell.info/2016/12/command-injection-in-western-digital-mycloud-nas/Exploit, Third Party Advisory
http://www.securityfocus.com/bid/95201
https://www.stevencampbell.info/2016/12/command-injection-in-western-digital-mycloud-nas/Exploit, Third Party Advisory

Timeline

Published: Jan 3, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-10107?

Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header.

How severe is CVE-2016-10107?

Severity scoring for CVE-2016-10107 is pending analysis. The EPSS model estimates a 11.14% probability of exploitation in the next 30 days.

How do I fix CVE-2016-10107?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-10107?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST