Westerndigital My_cloud_mirror_g2
18 CVEs affecting Westerndigital My_cloud_mirror_g2. Latest disclosed: 2024-02-05. Critical: 3, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-22814 | Critical | 10.0 | 2023-07-01 | An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonati… |
| CVE-2022-36331 | Critical | 10.0 | 2023-06-12 | Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthentica… |
| CVE-2022-29842 | Critical | 9.8 | 2023-05-10 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context o… |
| CVE-2022-22999 | High | 8.2 | 2022-07-25 | Western Digital My Cloud devices are vulnerable to a cross-site scripting vulnerability that can allow a malicious user with elevated privileges access to driv… |
| CVE-2022-29841 | High | 8.0 | 2023-05-10 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that was caused by a command that read files from a pr… |
| CVE-2022-23000 | High | 7.3 | 2022-07-25 | The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to… |
| CVE-2022-29844 | Medium | 6.7 | 2023-01-26 | A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write ar… |
| CVE-2023-22815 | Medium | 6.2 | 2023-06-30 | Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context… |
| CVE-2022-29843 | Medium | 6.2 | 2023-01-26 | A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows… |
| CVE-2023-22816 | Medium | 6.0 | 2023-06-30 | A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files… |
| CVE-2022-36328 | Medium | 5.8 | 2023-05-18 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to create arbitrary shares on arbitra… |
| CVE-2022-36327 | Medium | 5.8 | 2023-05-18 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to write files to locations with cert… |
| CVE-2023-22817 | Medium | 5.5 | 2024-02-05 | Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back… |
| CVE-2022-29840 | Medium | 5.1 | 2023-05-10 | Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter w… |
| CVE-2023-22819 | Medium | 4.9 | 2024-02-05 | An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventua… |
| CVE-2022-36326 | Medium | 4.4 | 2023-05-18 | An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventua… |
| CVE-2022-29838 | Medium | 4.3 | 2022-12-09 | Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the… |
| CVE-2022-29839 | Medium | 4.1 | 2022-12-09 | Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices that could allow an attacker who has g… |