Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
westerndigital vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-36330
A buffer overflow vulnerability exists on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. An attacker would require exploitation of another vulnerability to raise ...
Westerndigital My Cloud Home Duo Firmware
Westerndigital Sandisk Ibi Firmware
Westerndigital My Cloud Home Firmware
4.3
CVSSv2
CVE-2013-5006
main_internet.php on the Western Digital My Net N600 and N750 with firmware 1.03.12 and 1.04.16, and the N900 and N900C with firmware 1.05.12, 1.06.18, and 1.06.28, allows remote malicious users to discover the cleartext administrative password by reading the "var pass="...
Westerndigital My Net N900 -
Westerndigital My Net N900c -
Westerndigital My Net N750 -
1 EDB exploit
NA
CVE-2023-22813
A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a p...
Westerndigital My Cloud
Westerndigital Sandisk Ibi
Westerndigital My Cloud Home
Westerndigital My Cloud Os 5
7.5
CVSSv2
CVE-2022-22997
Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an malicious user to execute unsigned code on My Cloud Home devices.
Westerndigital My Cloud Home Duo Firmware
Westerndigital My Cloud Home Firmware
5
CVSSv2
CVE-2022-22998
Implemented protections on AWS credentials that were not properly protected.
Westerndigital My Cloud Home Duo Firmware
Westerndigital My Cloud Home Firmware
4.4
CVSSv2
CVE-2020-8959
Western Digital WesternDigitalSSDDashboardSetup.exe prior to 3.0.2.0 allows DLL Hijacking.
Westerndigital Sandiskssddashboardsetup.exe
Westerndigital Westerndigitalssddashboardsetup.exe
5
CVSSv2
CVE-2021-35941
Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory restore without authentication, as exploited in the wild in June 2021, a different vulnerability than CVE-2018-18472.
Westerndigital Wd My Book Live Firmware
Westerndigital Wd My Book Live Duo Firmware
4.3
CVSSv2
CVE-2020-10951
Western Digital My Cloud Home and ibi devices prior to 2.2.0 allow clickjacking on sign-in pages.
Westerndigital Ibi
Westerndigital My Cloud Home
10
CVSSv2
CVE-2018-1151
The web server on Western Digital TV Media Player 1.03.07 and TV Live Hub 3.12.13 allow unauthenticated remote malicious users to execute arbitrary code or cause denial of service via crafted HTTP requests to toServerValue.cgi.
Westerndigital Tv Live Hub Firmware 3.12.13
Westerndigital Tv Media Player Firmware 1.03.07
2 Github repositories
6.4
CVSSv2
CVE-2022-22988
File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources. It would be more difficult for an authenticated malicious user to now traverse through the files and directories. This can only be exploited once an attacker has ...
Westerndigital Edgerover
1 Article
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »