Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
westerndigital my cloud vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-22993
A limited SSRF vulnerability exists on Western Digital My Cloud devices that could allow an malicious user to impersonate a server and reach any page on the server by bypassing access controls. The vulnerability was addressed by creating a whitelist for valid parameters.
Westerndigital My Cloud Os
9.8
CVSSv3
CVE-2022-22994
A remote code execution vulnerability exists on Western Digital My Cloud devices where an attacker could trick a NAS device into loading through an unsecured HTTP call. This was a result insufficient verification of calls to the device. The vulnerability was addressed by disablin...
Westerndigital My Cloud Os
7.8
CVSSv3
CVE-2021-3310
Western Digital My Cloud OS 5 devices prior to 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. This can lead to code execution and information disclosure (by reading local files).
Westerndigital My Cloud Os
1 Github repository
4.6
CVSSv3
CVE-2022-29838
Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions before 5...
Westerndigital My Cloud Os
5.5
CVSSv3
CVE-2022-29840
Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the l...
Westerndigital My Cloud Os
9.8
CVSSv3
CVE-2022-29841
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that was caused by a command that read files from a privileged location and created a system command without sanitizing the read data. This command could be triggere...
Westerndigital My Cloud Os
9.8
CVSSv3
CVE-2022-29842
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an malicious user to execute code in the context of the root user on a vulnerable CGI file exists in Western Digital My Cloud OS 5 devicesThis issue affect...
Westerndigital My Cloud Os
9.8
CVSSv3
CVE-2020-28970
An issue exists on Western Digital My Cloud OS 5 devices prior to 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie. (In addition, an upload endpoint could then be used by an aut...
Westerndigital My Cloud Os 5
9.8
CVSSv3
CVE-2020-29563
An issue exists on Western Digital My Cloud OS 5 devices prior to 5.07.118. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to gain access to the device.
Westerndigital My Cloud Os 5
9.8
CVSSv3
CVE-2020-28940
On Western Digital My Cloud OS 5 devices prior to 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device.
Westerndigital My Cloud Os 5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30078
CVE-2024-37896
code injection
CVE-2024-3080
CVE-2024-5172
cross-site request forgery
CVE-2024-6111
firmware
CVE-2024-38504
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »