Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
westerndigital my cloud os vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-29841
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that was caused by a command that read files from a privileged location and created a system command without sanitizing the read data. This command could be triggere...
Westerndigital My Cloud Os
NA
CVE-2022-29842
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an malicious user to execute code in the context of the root user on a vulnerable CGI file exists in Western Digital My Cloud OS 5 devicesThis issue affect...
Westerndigital My Cloud Os
NA
CVE-2023-22813
A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a p...
Westerndigital My Cloud
Westerndigital Sandisk Ibi
Westerndigital My Cloud Home
Westerndigital My Cloud Os 5
NA
CVE-2022-29843
A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions before 5.26.119 allows an malicious user to execute code in the context of the root user.
Westerndigital My Cloud Pr2100 Firmware
Westerndigital My Cloud Pr4100 Firmware
Westerndigital My Cloud Ex4100 Firmware
Westerndigital My Cloud Ex2 Ultra Firmware
Westerndigital My Cloud Mirror G2 Firmware
Westerndigital My Cloud Dl2100 Firmware
Westerndigital My Cloud Dl4100 Firmware
Westerndigital My Cloud Ex2100 Firmware
NA
CVE-2022-29844
A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions before 5.26.119 allows an malicious user to read and write arbitrary files. This could lead to a full NAS compromise and would give remote execution capabilities to the attacker.
Westerndigital My Cloud Pr2100 Firmware
Westerndigital My Cloud Pr4100 Firmware
Westerndigital My Cloud Ex4100 Firmware
Westerndigital My Cloud Ex2 Ultra Firmware
Westerndigital My Cloud Mirror G2 Firmware
Westerndigital My Cloud Dl2100 Firmware
Westerndigital My Cloud Dl4100 Firmware
Westerndigital My Cloud Ex2100 Firmware
668
VMScore
CVE-2022-22989
My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the network. Addressed the vulnerability by adding defenses against stack overflow issues.
Westerndigital My Cloud Os
409
VMScore
CVE-2021-3310
Western Digital My Cloud OS 5 devices prior to 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. This can lead to code execution and information disclosure (by reading local files).
Westerndigital My Cloud Os
1 Github repository
668
VMScore
CVE-2020-29563
An issue exists on Western Digital My Cloud OS 5 devices prior to 5.07.118. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to gain access to the device.
Westerndigital My Cloud Os 5
668
VMScore
CVE-2020-28971
An issue exists on Western Digital My Cloud OS 5 devices prior to 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie, because of insufficient validation of URI paths.
Westerndigital My Cloud Os 5
668
VMScore
CVE-2020-28970
An issue exists on Western Digital My Cloud OS 5 devices prior to 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie. (In addition, an upload endpoint could then be used by an aut...
Westerndigital My Cloud Os 5
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »