Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
westerndigital my cloud os vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-29563
An issue exists on Western Digital My Cloud OS 5 devices prior to 5.07.118. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to gain access to the device.
Westerndigital My Cloud Os 5
9.8
CVSSv3
CVE-2020-28940
On Western Digital My Cloud OS 5 devices prior to 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device.
Westerndigital My Cloud Os 5
9.8
CVSSv3
CVE-2023-22814
An authentication bypass issue via spoofing exists in the token-based authentication mechanism that could allow an malicious user to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: prior to 5.26.202.
Westerndigital My Cloud Os
6.7
CVSSv3
CVE-2023-22815
Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an malicious user to execute code in the context of the root user on vulnerable CGI files. This vulnerability can only be exploited over the network and the attac...
Westerndigital My Cloud Os
9.8
CVSSv3
CVE-2022-22989
My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the network. Addressed the vulnerability by adding defenses against stack overflow issues.
Westerndigital My Cloud Os
9.8
CVSSv3
CVE-2020-28971
An issue exists on Western Digital My Cloud OS 5 devices prior to 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie, because of insufficient validation of URI paths.
Westerndigital My Cloud Os 5
9.8
CVSSv3
CVE-2022-29842
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an malicious user to execute code in the context of the root user on a vulnerable CGI file exists in Western Digital My Cloud OS 5 devicesThis issue affect...
Westerndigital My Cloud Os
9.8
CVSSv3
CVE-2022-29841
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that was caused by a command that read files from a privileged location and created a system command without sanitizing the read data. This command could be triggere...
Westerndigital My Cloud Os
5.5
CVSSv3
CVE-2022-29840
Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the l...
Westerndigital My Cloud Os
9.8
CVSSv3
CVE-2020-28970
An issue exists on Western Digital My Cloud OS 5 devices prior to 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie. (In addition, an upload endpoint could then be used by an aut...
Westerndigital My Cloud Os 5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »