Westerndigital My_cloud_ex2_ultra
33 CVEs affecting Westerndigital My_cloud_ex2_ultra. Latest disclosed: 2024-02-05. Critical: 11, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-22814 | Critical | 10.0 | 2023-07-01 | An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonati… |
CVE-2022-36331 | Critical | 10.0 | 2023-06-12 | Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthentica… |
CVE-2022-22995 | Critical | 10.0 | 2022-03-25 | The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of p… |
CVE-2022-29842 | Critical | 9.8 | 2023-05-10 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context o… |
CVE-2022-22989 | Critical | 9.8 | 2022-01-13 | My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the… |
CVE-2020-29563 | Critical | 9.8 | 2020-12-12 | An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. A NAS Admin authentication bypass vulnerability could allow an unauthenticate… |
CVE-2020-28971 | Critical | 9.8 | 2020-12-01 | An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticate… |
CVE-2020-28970 | Critical | 9.8 | 2020-12-01 | An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticate… |
CVE-2020-28940 | Critical | 9.8 | 2020-12-01 | On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticate… |
CVE-2020-27744 | Critical | 9.8 | 2020-10-29 | An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. They allow remote code execution with resultant escalation of privileges. |
CVE-2019-9950 | Critical | 9.8 | 2019-04-24 | Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My… |
CVE-2022-22994 | High | 8.8 | 2022-01-28 | A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an attacker could trick a NAS device into loading through an uns… |
CVE-2019-9949 | High | 8.8 | 2019-05-23 | Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execu… |
CVE-2022-22999 | High | 8.2 | 2022-07-25 | Western Digital My Cloud devices are vulnerable to a cross side scripting vulnerability that can allow a malicious user with elevated privileges access to driv… |
CVE-2022-29841 | High | 8.0 | 2023-05-10 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that was caused by a command that read files from a pr… |
CVE-2022-22993 | High | 7.8 | 2022-01-28 | A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the… |
CVE-2022-22992 | High | 7.8 | 2022-01-28 | A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary sy… |
CVE-2022-22991 | High | 7.8 | 2022-01-13 | A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP cal… |
CVE-2022-22990 | High | 7.8 | 2022-01-13 | A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cl… |
CVE-2021-3310 | High | 7.8 | 2021-03-10 | Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. This can lead to code execution and information… |