Full title: Western Digital Arkeia Remote Code Execution Vulnerability Category: remote exploits Platform: windows This Metasploit module exploits a vulnerability found in Western Digital Arkeia Appliance version 10.0.10 and lower. By abusing the upload.php file from the scripts directory, a malicious user can upload arbitrary code to the ApplianceUpdate file in the temp directory without any authentication. Abusing the local file inclusion in the lang cookie to parse this file, results in arbitrary code execution, also without any authentication. The module has been tested successfully on Arkeia 10.0.10. The issues have been fixed in version 10.1.10. # 0day.today @ http://0day.today/