Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
westerndigital my cloud vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2020-27744
An issue exists on Western Digital My Cloud NAS devices prior to 5.04.114. They allow remote code execution with resultant escalation of privileges.
Westerndigital My Cloud Firmware
NA
CVE-2021-36225
Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation.
Westerndigital My Cloud Os
668
VMScore
CVE-2020-27160
Addressed remote code execution vulnerability in AvailableApps.php that allowed escalation of privileges in Western Digital My Cloud NAS devices before 5.04.114 (issue 3 of 3).
Westerndigital My Cloud Firmware
890
VMScore
CVE-2020-27159
Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices before 5.04.114
Westerndigital My Cloud Firmware
668
VMScore
CVE-2020-12830
Addressed multiple stack buffer overflow vulnerabilities that could allow an malicious user to carry out escalation of privileges through unauthorized remote code execution in Western Digital My Cloud devices prior to 5.04.114.
Westerndigital My Cloud Firmware
668
VMScore
CVE-2020-29563
An issue exists on Western Digital My Cloud OS 5 devices prior to 5.07.118. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to gain access to the device.
Westerndigital My Cloud Os 5
668
VMScore
CVE-2020-28940
On Western Digital My Cloud OS 5 devices prior to 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device.
Westerndigital My Cloud Os 5
445
VMScore
CVE-2018-9148
Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for malicious users to bypass authentication by listing a directory. NOTE: this can be exploited in conjunction with CVE-2018-7171 for remote authenticati...
Westerndigital My Cloud Firmware 04.05.00-320
NA
CVE-2023-22814
An authentication bypass issue via spoofing exists in the token-based authentication mechanism that could allow an malicious user to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: prior to 5.26.202.
Westerndigital My Cloud Os
NA
CVE-2023-22815
Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an malicious user to execute code in the context of the root user on vulnerable CGI files. This vulnerability can only be exploited over the network and the attac...
Westerndigital My Cloud Os
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »