Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
westerndigital my cloud vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-29841
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that was caused by a command that read files from a privileged location and created a system command without sanitizing the read data. This command could be triggere...
Westerndigital My Cloud Os
NA
CVE-2022-29842
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an malicious user to execute code in the context of the root user on a vulnerable CGI file exists in Western Digital My Cloud OS 5 devicesThis issue affect...
Westerndigital My Cloud Os
NA
CVE-2022-36329
An improper privilege management issue that could allow an malicious user to cause a denial of service over the OTA mechanism exists in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices.This issue affects My Cloud Home and My Cloud Home Duo: prior to 9.4.0-...
Westerndigital My Cloud Home Firmware
Westerndigital My Cloud Home Duo Firmware
Westerndigital Sandisk Ibi Firmware
NA
CVE-2022-36330
A buffer overflow vulnerability exists on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. An attacker would require exploitation of another vulnerability to raise ...
Westerndigital My Cloud Home Duo Firmware
Westerndigital Sandisk Ibi Firmware
Westerndigital My Cloud Home Firmware
NA
CVE-2023-22813
A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a p...
Westerndigital My Cloud
Westerndigital Sandisk Ibi
Westerndigital My Cloud Home
Westerndigital My Cloud Os 5
NA
CVE-2021-36224
Western Digital My Cloud devices before OS5 have a nobody account with a blank password.
Westerndigital My Cloud Os
NA
CVE-2021-36226
Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files.
Westerndigital My Cloud Os
NA
CVE-2021-36225
Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation.
Westerndigital My Cloud Os
NA
CVE-2022-29844
A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions before 5.26.119 allows an malicious user to read and write arbitrary files. This could lead to a full NAS compromise and would give remote execution capabilities to the attacker.
Westerndigital My Cloud Pr2100 Firmware
Westerndigital My Cloud Pr4100 Firmware
Westerndigital My Cloud Ex4100 Firmware
Westerndigital My Cloud Ex2 Ultra Firmware
Westerndigital My Cloud Mirror G2 Firmware
Westerndigital My Cloud Dl2100 Firmware
Westerndigital My Cloud Dl4100 Firmware
Westerndigital My Cloud Ex2100 Firmware
NA
CVE-2022-29843
A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions before 5.26.119 allows an malicious user to execute code in the context of the root user.
Westerndigital My Cloud Pr2100 Firmware
Westerndigital My Cloud Pr4100 Firmware
Westerndigital My Cloud Ex4100 Firmware
Westerndigital My Cloud Ex2 Ultra Firmware
Westerndigital My Cloud Mirror G2 Firmware
Westerndigital My Cloud Dl2100 Firmware
Westerndigital My Cloud Dl4100 Firmware
Westerndigital My Cloud Ex2100 Firmware
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege
CVE-2022-48762
CVE-2022-48751
CVE-2024-37079
CVE-2024-30848
LFI
man-in-the-middle
CVE-2022-48736
CVE-2024-30103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »