Westerndigital My_cloud_home

16 CVEs affecting Westerndigital My_cloud_home. Latest disclosed: 2024-02-05. Critical: 2, High: 1.

Top CVEs affecting Westerndigital My_cloud_home
CVESeverityScorePublishedSummary
CVE-2022-36331Critical10.02023-06-12Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthentica…
CVE-2022-22995Critical10.02022-03-25The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of p…
CVE-2022-22998High8.02022-07-12Implemented protections on AWS credentials that were not properly protected.
CVE-2022-22997Medium6.82022-07-12Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an attacke…
CVE-2022-36328Medium5.82023-05-18Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to create arbitrary shares on arbitra…
CVE-2022-36327Medium5.82023-05-18Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to write files to locations with cert…
CVE-2023-22817Medium5.52024-02-05Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back…
CVE-2023-22819Medium4.92024-02-05An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventua…
CVE-2022-29837Medium4.72022-12-01A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate inst…
CVE-2020-10951Medium4.72020-04-15Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages.
CVE-2022-36326Medium4.42023-05-18An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventua…
CVE-2022-36329Medium4.42023-05-10An improper privilege management issue that could allow an attacker to cause a denial of service over the OTA mechanism was discovered in Western Digital My Cl…
CVE-2023-22813Low3.32023-05-08 A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile A…
CVE-2022-36330Low1.92023-05-10A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My…
CVE-2022-29836Low1.92022-11-09Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; M…
CVE-2022-23006Low1.82022-09-27A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessi…