Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing DNS addresses that refer to loopback. This issue affects My Cloud OS 5 devices prior to 5.27.161, My Cloud Home, My Cloud Home Duo and SanDisk ibi devices prior to 9.5.1-104.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
westerndigital my_cloud_pr2100_firmware |
||
westerndigital my_cloud_pr4100_firmware |
||
westerndigital my_cloud_ex4100_firmware |
||
westerndigital my_cloud_ex2_ultra_firmware |
||
westerndigital my_cloud_mirror_g2_firmware |
||
westerndigital my_cloud_dl2100_firmware |
||
westerndigital my_cloud_dl4100_firmware |
||
westerndigital my_cloud_ex2100_firmware |
||
westerndigital my_cloud_glacier_firmware |
||
westerndigital wd_cloud_firmware |
||
westerndigital my_cloud_home_firmware |
||
westerndigital my_cloud_home_duo_firmware |
||
westerndigital sandisk_ibi_firmware |
Vulmon