Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
westerndigital vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2022-22992
A command injection remote code execution vulnerability exists on Western Digital My Cloud Devices that could allow an malicious user to execute arbitrary system commands on the device. The vulnerability was addressed by escaping individual arguments to shell functions coming fro...
Westerndigital My Cloud Os
10
CVSSv2
CVE-2020-27744
An issue exists on Western Digital My Cloud NAS devices prior to 5.04.114. They allow remote code execution with resultant escalation of privileges.
Westerndigital My Cloud Firmware
10
CVSSv2
CVE-2020-25765
Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input.in Western Digital My Cloud Devices before 5.4.1140.
Westerndigital My Cloud Firmware
10
CVSSv2
CVE-2020-27158
Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices before 5.04.114.
Westerndigital My Cloud Firmware
10
CVSSv2
CVE-2020-27159
Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices before 5.04.114
Westerndigital My Cloud Firmware
10
CVSSv2
CVE-2018-18472
Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device, ...
Westerndigital My Book Live Firmware
1 Github repository
1 Article
10
CVSSv2
CVE-2018-1151
The web server on Western Digital TV Media Player 1.03.07 and TV Live Hub 3.12.13 allow unauthenticated remote malicious users to execute arbitrary code or cause denial of service via crafted HTTP requests to toServerValue.cgi.
Westerndigital Tv Live Hub Firmware 3.12.13
Westerndigital Tv Media Player Firmware 1.03.07
2 Github repositories
10
CVSSv2
CVE-2017-17560
An issue exists on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device...
Westerndigital My Cloud Pr4100 Firmware 2.30.172
1 EDB exploit
9
CVSSv2
CVE-2019-9949
Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution (as root, starting from a low-privilege user session) vulnerability. The cgi-bin/webfile_mgr.cgi file allows arbitra...
Westerndigital My Cloud Firmware
Westerndigital My Cloud Mirror Gen2 Firmware
Westerndigital My Cloud Ex2 Ultra Firmware
Westerndigital My Cloud Ex2100 Firmware
Westerndigital My Cloud Ex4100 Firmware
Westerndigital My Cloud Dl2100 Firmware
Westerndigital My Cloud Dl4100 Firmware
Westerndigital My Cloud Pr2100 Firmware
Westerndigital My Cloud Pr4100 Firmware
1 Github repository
8.3
CVSSv2
CVE-2022-22993
A limited SSRF vulnerability exists on Western Digital My Cloud devices that could allow an malicious user to impersonate a server and reach any page on the server by bypassing access controls. The vulnerability was addressed by creating a whitelist for valid parameters.
Westerndigital My Cloud Os
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »