Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
westerndigital my cloud os vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-28971
An issue exists on Western Digital My Cloud OS 5 devices prior to 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie, because of insufficient validation of URI paths.
Westerndigital My Cloud Os 5
8.8
CVSSv3
CVE-2023-22816
A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an malicious user to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: prior to 5.26.300.
Westerndigital My Cloud Os
7.8
CVSSv3
CVE-2021-3310
Western Digital My Cloud OS 5 devices prior to 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. This can lead to code execution and information disclosure (by reading local files).
Westerndigital My Cloud Os
1 Github repository
7.5
CVSSv3
CVE-2022-36331
Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated malicious user to gain access to user data. This issue affects My Cloud OS 5 devices: prior to 5.25.132; My Cloud Hom...
Westerndigital My Cloud Pr2100 Firmware
Westerndigital My Cloud Pr4100 Firmware
Westerndigital My Cloud Ex4100 Firmware
Westerndigital My Cloud Ex2 Ultra Firmware
Westerndigital My Cloud Mirror G2 Firmware
Westerndigital My Cloud Dl2100 Firmware
Westerndigital My Cloud Dl4100 Firmware
Westerndigital My Cloud Ex2100 Firmware
Westerndigital My Cloud Home Firmware
Westerndigital My Cloud Home Duo Firmware
Westerndigital Sandisk Ibi Firmware
Westerndigital My Cloud Firmware
6.7
CVSSv3
CVE-2023-22815
Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an malicious user to execute code in the context of the root user on vulnerable CGI files. This vulnerability can only be exploited over the network and the attac...
Westerndigital My Cloud Os
5.5
CVSSv3
CVE-2023-22817
Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was ad...
Westerndigital My Cloud Pr2100 Firmware
Westerndigital My Cloud Pr4100 Firmware
Westerndigital My Cloud Ex4100 Firmware
Westerndigital My Cloud Ex2 Ultra Firmware
Westerndigital My Cloud Mirror G2 Firmware
Westerndigital My Cloud Dl2100 Firmware
Westerndigital My Cloud Dl4100 Firmware
Westerndigital My Cloud Ex2100 Firmware
Westerndigital My Cloud Glacier Firmware
Westerndigital Wd Cloud Firmware
Westerndigital My Cloud Home Firmware
Westerndigital My Cloud Home Duo Firmware
Westerndigital Sandisk Ibi Firmware
5.5
CVSSv3
CVE-2022-29840
Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the l...
Westerndigital My Cloud Os
4.9
CVSSv3
CVE-2023-22819
An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted exists in Western Digital My Cloud Home, My Cloud Home Duo, SanD...
Westerndigital My Cloud Pr4100 Firmware
Westerndigital My Cloud Ex4100 Firmware
Westerndigital My Cloud Ex2 Ultra Firmware
Westerndigital My Cloud Mirror G2 Firmware
Westerndigital My Cloud Dl2100 Firmware
Westerndigital My Cloud Dl4100 Firmware
Westerndigital My Cloud Ex2100 Firmware
Westerndigital My Cloud Glacier Firmware
Westerndigital Wd Cloud Firmware
Westerndigital My Cloud Home Firmware
Westerndigital My Cloud Home Duo Firmware
Westerndigital Sandisk Ibi Firmware
4.9
CVSSv3
CVE-2022-36326
An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted exists in Western Digital My Cloud Home, My Cloud Home Duo, SanD...
Westerndigital My Cloud Os 5
Westerndigital My Cloud Home Firmware
Westerndigital Sandisk Ibi Firmware
Westerndigital My Cloud Home Duo Firmware
4.9
CVSSv3
CVE-2022-36328
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an malicious user to create arbitrary shares on arbitrary directories and exfiltrate sensitive files, passwords, users and device configurations exists in Weste...
Westerndigital My Cloud Os 5
Westerndigital My Cloud Home Firmware
Westerndigital Sandisk Ibi Firmware
Westerndigital My Cloud Home Duo Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »