Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
western digital my cloud pr4100 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-29841
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that was caused by a command that read files from a privileged location and created a system command without sanitizing the read data. This command could be triggere...
Westerndigital My Cloud Os
9.8
CVSSv3
CVE-2022-29842
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an malicious user to execute code in the context of the root user on a vulnerable CGI file exists in Western Digital My Cloud OS 5 devicesThis issue affect...
Westerndigital My Cloud Os
9.8
CVSSv3
CVE-2022-29843
A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions before 5.26.119 allows an malicious user to execute code in the context of the root user.
Westerndigital My Cloud Pr2100 Firmware
Westerndigital My Cloud Pr4100 Firmware
Westerndigital My Cloud Ex4100 Firmware
Westerndigital My Cloud Ex2 Ultra Firmware
Westerndigital My Cloud Mirror G2 Firmware
Westerndigital My Cloud Dl2100 Firmware
Westerndigital My Cloud Dl4100 Firmware
Westerndigital My Cloud Ex2100 Firmware
9.8
CVSSv3
CVE-2022-29844
A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions before 5.26.119 allows an malicious user to read and write arbitrary files. This could lead to a full NAS compromise and would give remote execution capabilities to the attacker.
Westerndigital My Cloud Pr2100 Firmware
Westerndigital My Cloud Pr4100 Firmware
Westerndigital My Cloud Ex4100 Firmware
Westerndigital My Cloud Ex2 Ultra Firmware
Westerndigital My Cloud Mirror G2 Firmware
Westerndigital My Cloud Dl2100 Firmware
Westerndigital My Cloud Dl4100 Firmware
Westerndigital My Cloud Ex2100 Firmware
9.8
CVSSv3
CVE-2022-22994
A remote code execution vulnerability exists on Western Digital My Cloud devices where an attacker could trick a NAS device into loading through an unsecured HTTP call. This was a result insufficient verification of calls to the device. The vulnerability was addressed by disablin...
Westerndigital My Cloud Os
9.8
CVSSv3
CVE-2019-9950
Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware prior to 2.31.174 is affected by an authentication bypass vulnerability. The login_mgr.cgi file che...
Westerndigital My Cloud Firmware
Westerndigital My Cloud Mirror Gen2 Firmware
Westerndigital My Cloud Ex2 Ultra Firmware
Westerndigital My Cloud Ex2100 Firmware
Westerndigital My Cloud Ex4100 Firmware
Westerndigital My Cloud Dl2100 Firmware
Westerndigital My Cloud Dl4100 Firmware
Westerndigital My Cloud Pr2100 Firmware
Westerndigital My Cloud Pr4100 Firmware
1 Github repository
9.8
CVSSv3
CVE-2019-9951
Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware prior to 2.31.174 is affected by an unauthenticated file upload vulnerability. The page web/jquery/...
Western Digital My Cloud Mirror Gen 2 Firmware
Western Digital My Cloud Ex2 Ultra Firmware
Western Digital My Cloud Ex2100 Firmware
Western Digital My Cloud Ex4100
Western Digital My Cloud Dl2100
Western Digital My Cloud Dl4100 Firmware
Western Digital My Cloud Pr2100 Firmware
Western Digital My Cloud Pr4100
Western Digital My Cloud Firmware
1 Github repository
8.8
CVSSv3
CVE-2022-22993
A limited SSRF vulnerability exists on Western Digital My Cloud devices that could allow an malicious user to impersonate a server and reach any page on the server by bypassing access controls. The vulnerability was addressed by creating a whitelist for valid parameters.
Westerndigital My Cloud Os
8.8
CVSSv3
CVE-2022-22990
A limited authentication bypass vulnerability exists that could allow an malicious user to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts...
Westerndigital My Cloud Os
8.8
CVSSv3
CVE-2019-9949
Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution (as root, starting from a low-privilege user session) vulnerability. The cgi-bin/webfile_mgr.cgi file allows arbitra...
Westerndigital My Cloud Firmware
Westerndigital My Cloud Mirror Gen2 Firmware
Westerndigital My Cloud Ex2 Ultra Firmware
Westerndigital My Cloud Ex2100 Firmware
Westerndigital My Cloud Ex4100 Firmware
Westerndigital My Cloud Dl2100 Firmware
Westerndigital My Cloud Dl4100 Firmware
Westerndigital My Cloud Pr2100 Firmware
Westerndigital My Cloud Pr4100 Firmware
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »