Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
westerndigital vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-27744
An issue exists on Western Digital My Cloud NAS devices prior to 5.04.114. They allow remote code execution with resultant escalation of privileges.
Westerndigital My Cloud Firmware
9.8
CVSSv3
CVE-2021-36224
Western Digital My Cloud devices before OS5 have a nobody account with a blank password.
Westerndigital My Cloud Os
8.8
CVSSv3
CVE-2021-36225
Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation.
Westerndigital My Cloud Os
7.8
CVSSv3
CVE-2021-3310
Western Digital My Cloud OS 5 devices prior to 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. This can lead to code execution and information disclosure (by reading local files).
Westerndigital My Cloud Os
1 Github repository
9.8
CVSSv3
CVE-2020-28971
An issue exists on Western Digital My Cloud OS 5 devices prior to 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie, because of insufficient validation of URI paths.
Westerndigital My Cloud Os 5
6.5
CVSSv3
CVE-2021-28653
The iOS and macOS apps prior to 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware.
Westerndigital Armorlock
9.8
CVSSv3
CVE-2020-28940
On Western Digital My Cloud OS 5 devices prior to 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device.
Westerndigital My Cloud Os 5
9.8
CVSSv3
CVE-2022-29841
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that was caused by a command that read files from a privileged location and created a system command without sanitizing the read data. This command could be triggere...
Westerndigital My Cloud Os
9.8
CVSSv3
CVE-2022-29842
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an malicious user to execute code in the context of the root user on a vulnerable CGI file exists in Western Digital My Cloud OS 5 devicesThis issue affect...
Westerndigital My Cloud Os
9.8
CVSSv3
CVE-2023-22814
An authentication bypass issue via spoofing exists in the token-based authentication mechanism that could allow an malicious user to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: prior to 5.26.202.
Westerndigital My Cloud Os
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »