Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
westerndigital vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-8960
Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS.
Westerndigital Mycloud.com
1 Github repository
NA
CVE-2014-2846
Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware prior to 10.2.9 allows remote malicious users to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang ...
Westerndigital Arkeia Virtual Appliance Firmware
1 EDB exploit
9.8
CVSSv3
CVE-2020-28970
An issue exists on Western Digital My Cloud OS 5 devices prior to 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie. (In addition, an upload endpoint could then be used by an aut...
Westerndigital My Cloud Os 5
9.8
CVSSv3
CVE-2018-18472
Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device, ...
Westerndigital My Book Live Firmware
1 Github repository
1 Article
9.8
CVSSv3
CVE-2020-12830
Addressed multiple stack buffer overflow vulnerabilities that could allow an malicious user to carry out escalation of privileges through unauthorized remote code execution in Western Digital My Cloud devices prior to 5.04.114.
Westerndigital My Cloud Firmware
8.8
CVSSv3
CVE-2021-33205
Western Digital EdgeRover prior to 0.25 has an escalation of privileges vulnerability where a low privileged user could load malicious content into directories with higher privileges, because of how Node.js is used. An attacker can gain admin privileges and carry out malicious ac...
Westerndigital Edgerover
5.3
CVSSv3
CVE-2022-29835
WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality o...
Westerndigital Wd Discovery
7.4
CVSSv3
CVE-2023-22812
SanDisk PrivateAccess versions before 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data.
Westerndigital Sandisk Privateaccess
4.6
CVSSv3
CVE-2018-7928
There is a security vulnerability which could lead to Factory Reset Protection (FRP) bypass in the MyCloud APP with the versions prior to 8.1.2.303 installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old ...
Westerndigital My Cloud
9.8
CVSSv3
CVE-2017-17560
An issue exists on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device...
Westerndigital My Cloud Pr4100 Firmware 2.30.172
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
NEXT »