Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
westerndigital vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-16399
Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an malicious user to access the /admin/ directory without credentials. An attacker can easily enable SSH from /admin/system_advanced.php?lang=en and login with the default root pa...
Westerndigital Wd My Book Firmware
1 EDB exploit
10
CVSSv2
CVE-2018-18472
Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device, ...
Westerndigital My Book Live Firmware
1 Github repository
1 Article
9
CVSSv2
CVE-2019-9949
Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution (as root, starting from a low-privilege user session) vulnerability. The cgi-bin/webfile_mgr.cgi file allows arbitra...
Westerndigital My Cloud Firmware
Westerndigital My Cloud Mirror Gen2 Firmware
Westerndigital My Cloud Ex2 Ultra Firmware
Westerndigital My Cloud Ex2100 Firmware
Westerndigital My Cloud Ex4100 Firmware
Westerndigital My Cloud Dl2100 Firmware
Westerndigital My Cloud Dl4100 Firmware
Westerndigital My Cloud Pr2100 Firmware
Westerndigital My Cloud Pr4100 Firmware
1 Github repository
7.5
CVSSv2
CVE-2019-9950
Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware prior to 2.31.174 is affected by an authentication bypass vulnerability. The login_mgr.cgi file che...
Westerndigital My Cloud Firmware
Westerndigital My Cloud Mirror Gen2 Firmware
Westerndigital My Cloud Ex2 Ultra Firmware
Westerndigital My Cloud Ex2100 Firmware
Westerndigital My Cloud Ex4100 Firmware
Westerndigital My Cloud Dl2100 Firmware
Westerndigital My Cloud Dl4100 Firmware
Westerndigital My Cloud Pr2100 Firmware
Westerndigital My Cloud Pr4100 Firmware
1 Github repository
3.6
CVSSv2
CVE-2018-7928
There is a security vulnerability which could lead to Factory Reset Protection (FRP) bypass in the MyCloud APP with the versions prior to 8.1.2.303 installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old ...
Westerndigital My Cloud
10
CVSSv2
CVE-2018-1151
The web server on Western Digital TV Media Player 1.03.07 and TV Live Hub 3.12.13 allow unauthenticated remote malicious users to execute arbitrary code or cause denial of service via crafted HTTP requests to toServerValue.cgi.
Westerndigital Tv Live Hub Firmware 3.12.13
Westerndigital Tv Media Player Firmware 1.03.07
2 Github repositories
5
CVSSv2
CVE-2018-9148
Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for malicious users to bypass authentication by listing a directory. NOTE: this can be exploited in conjunction with CVE-2018-7171 for remote authenticati...
Westerndigital My Cloud Firmware 04.05.00-320
10
CVSSv2
CVE-2017-17560
An issue exists on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device...
Westerndigital My Cloud Pr4100 Firmware 2.30.172
1 EDB exploit
5.4
CVSSv2
CVE-2014-5876
The WD My Cloud (aka com.wdc.wd2go) application 4.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Westerndigital Wd My Cloud 4.0.0
7.5
CVSSv2
CVE-2014-2846
Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware prior to 10.2.9 allows remote malicious users to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang ...
Westerndigital Arkeia Virtual Appliance Firmware
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
NEXT »