Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
westerndigital my cloud firmware vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-36327
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an malicious user to write files to locations with certain critical filesystem types leading to remote code execution exists in Western Digital My Cloud Home, M...
Westerndigital My Cloud Os 5
Westerndigital My Cloud Home Firmware
Westerndigital Sandisk Ibi Firmware
Westerndigital My Cloud Home Duo Firmware
9.8
CVSSv3
CVE-2021-36226
Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files.
Westerndigital My Cloud Os
9.8
CVSSv3
CVE-2022-29844
A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions before 5.26.119 allows an malicious user to read and write arbitrary files. This could lead to a full NAS compromise and would give remote execution capabilities to the attacker.
Westerndigital My Cloud Pr2100 Firmware
Westerndigital My Cloud Pr4100 Firmware
Westerndigital My Cloud Ex4100 Firmware
Westerndigital My Cloud Ex2 Ultra Firmware
Westerndigital My Cloud Mirror G2 Firmware
Westerndigital My Cloud Dl2100 Firmware
Westerndigital My Cloud Dl4100 Firmware
Westerndigital My Cloud Ex2100 Firmware
9.8
CVSSv3
CVE-2022-29843
A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions before 5.26.119 allows an malicious user to execute code in the context of the root user.
Westerndigital My Cloud Pr2100 Firmware
Westerndigital My Cloud Pr4100 Firmware
Westerndigital My Cloud Ex4100 Firmware
Westerndigital My Cloud Ex2 Ultra Firmware
Westerndigital My Cloud Mirror G2 Firmware
Westerndigital My Cloud Dl2100 Firmware
Westerndigital My Cloud Dl4100 Firmware
Westerndigital My Cloud Ex2100 Firmware
9.8
CVSSv3
CVE-2022-22997
Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an malicious user to execute unsigned code on My Cloud Home devices.
Westerndigital My Cloud Home Duo Firmware
Westerndigital My Cloud Home Firmware
9.8
CVSSv3
CVE-2022-22995
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.
Westerndigital My Cloud Pr2100 Firmware
Westerndigital My Cloud Pr4100 Firmware
Westerndigital My Cloud Ex4100 Firmware
Westerndigital My Cloud Ex2 Ultra Firmware
Westerndigital My Cloud Mirror Gen 2 Firmware
Westerndigital My Cloud Dl2100 Firmware
Westerndigital My Cloud Dl4100 Firmware
Westerndigital My Cloud Ex2100 Firmware
Westerndigital My Cloud Firmware
Westerndigital Wd Cloud Firmware
Westerndigital My Cloud Home Firmware
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Netatalk Netatalk
9.8
CVSSv3
CVE-2020-27744
An issue exists on Western Digital My Cloud NAS devices prior to 5.04.114. They allow remote code execution with resultant escalation of privileges.
Westerndigital My Cloud Firmware
9.8
CVSSv3
CVE-2020-25765
Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input.in Western Digital My Cloud Devices before 5.4.1140.
Westerndigital My Cloud Firmware
9.8
CVSSv3
CVE-2020-27158
Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices before 5.04.114.
Westerndigital My Cloud Firmware
9.8
CVSSv3
CVE-2020-27159
Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices before 5.04.114
Westerndigital My Cloud Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080
log injection
CVE-2024-6041
CVE-2024-37661
XML external entity
CVE-2024-0845
privilege escalation
CVE-2023-37057
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »