Westerndigital My_cloud_firmware
12 CVEs affecting Westerndigital My_cloud_firmware. Latest disclosed: 2023-06-12. Critical: 10, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-36331 | Critical | 10.0 | 2023-06-12 | Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthentica… |
CVE-2022-22995 | Critical | 10.0 | 2022-03-25 | The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of p… |
CVE-2020-27744 | Critical | 9.8 | 2020-10-29 | An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. They allow remote code execution with resultant escalation of privileges. |
CVE-2020-27160 | Critical | 9.8 | 2020-10-27 | Addressed remote code execution vulnerability in AvailableApps.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04… |
CVE-2020-27159 | Critical | 9.8 | 2020-10-27 | Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My… |
CVE-2020-27158 | Critical | 9.8 | 2020-10-27 | Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114. |
CVE-2020-25765 | Critical | 9.8 | 2020-10-27 | Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input.in Western Digital My Cloud Devices prior to 5.4.1… |
CVE-2020-12830 | Critical | 9.8 | 2020-10-27 | Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through unauthorized remote code ex… |
CVE-2019-9950 | Critical | 9.8 | 2019-04-24 | Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My… |
CVE-2018-9148 | Critical | 9.8 | 2018-03-30 | Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for attackers to bypass authentic… |
CVE-2019-9949 | High | 8.8 | 2019-05-23 | Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execu… |
CVE-2022-23000 | High | 7.3 | 2022-07-25 | The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to… |