Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
westerndigital vulnerabilities and exploits
(subscribe to this query)
6.7
CVSSv3
CVE-2023-22815
Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an malicious user to execute code in the context of the root user on vulnerable CGI files. This vulnerability can only be exploited over the network and the attac...
Westerndigital My Cloud Os
8.8
CVSSv3
CVE-2023-22816
A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an malicious user to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: prior to 5.26.300.
Westerndigital My Cloud Os
9.8
CVSSv3
CVE-2020-25765
Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input.in Western Digital My Cloud Devices before 5.4.1140.
Westerndigital My Cloud Firmware
9.8
CVSSv3
CVE-2020-27158
Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices before 5.04.114.
Westerndigital My Cloud Firmware
9.8
CVSSv3
CVE-2020-27159
Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices before 5.04.114
Westerndigital My Cloud Firmware
9.8
CVSSv3
CVE-2020-27160
Addressed remote code execution vulnerability in AvailableApps.php that allowed escalation of privileges in Western Digital My Cloud NAS devices before 5.04.114 (issue 3 of 3).
Westerndigital My Cloud Firmware
8.8
CVSSv3
CVE-2020-12427
The Western Digital WD Discovery application prior to 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space.
Westerndigital Wd Discovery
9.8
CVSSv3
CVE-2021-36226
Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files.
Westerndigital My Cloud Os
9.8
CVSSv3
CVE-2020-29563
An issue exists on Western Digital My Cloud OS 5 devices prior to 5.07.118. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to gain access to the device.
Westerndigital My Cloud Os 5
7.8
CVSSv3
CVE-2020-29654
Western Digital Dashboard prior to 3.2.2.9 allows DLL Hijacking that leads to compromise of the SYSTEM account.
Westerndigital Dashboard
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »