Westerndigital My_cloud

25 CVEs affecting Westerndigital My_cloud. Latest disclosed: 2023-07-01. Critical: 7, High: 8.

Top CVEs affecting Westerndigital My_cloud
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-22814 | Critical | 10.0 | 2023-07-01 | An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonati… |
| CVE-2022-36331 | Critical | 10.0 | 2023-06-12 | Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthentica… |
| CVE-2022-22995 | Critical | 10.0 | 2022-03-25 | The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of p… |
| CVE-2022-29842 | Critical | 9.8 | 2023-05-10 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context o… |
| CVE-2022-22989 | Critical | 9.8 | 2022-01-13 | My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the… |
| CVE-2019-9950 | Critical | 9.8 | 2019-04-24 | Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My… |
| CVE-2018-9148 | Critical | 9.8 | 2018-03-30 | Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for attackers to bypass authentic… |
| CVE-2022-22994 | High | 8.8 | 2022-01-28 | A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an attacker could trick a NAS device into loading through an uns… |
| CVE-2019-9949 | High | 8.8 | 2019-05-23 | Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execu… |
| CVE-2022-29841 | High | 8.0 | 2023-05-10 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that was caused by a command that read files from a pr… |
| CVE-2022-22993 | High | 7.8 | 2022-01-28 | A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the… |
| CVE-2022-22992 | High | 7.8 | 2022-01-28 | A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary sy… |
| CVE-2022-22991 | High | 7.8 | 2022-01-13 | A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP cal… |
| CVE-2022-22990 | High | 7.8 | 2022-01-13 | A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cl… |
| CVE-2022-23000 | High | 7.3 | 2022-07-25 | The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to… |
| CVE-2023-22815 | Medium | 6.2 | 2023-06-30 | Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context… |
| CVE-2023-22816 | Medium | 6.0 | 2023-06-30 | A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files… |
| CVE-2022-36328 | Medium | 5.8 | 2023-05-18 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to create arbitrary shares on arbitra… |
| CVE-2022-36327 | Medium | 5.8 | 2023-05-18 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to write files to locations with cert… |
| CVE-2022-29840 | Medium | 5.1 | 2023-05-10 | Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter w… |