Westerndigital My_cloud_mirror_g2

18 CVEs affecting Westerndigital My_cloud_mirror_g2. Latest disclosed: 2024-02-05. Critical: 3, High: 3.

Top CVEs affecting Westerndigital My_cloud_mirror_g2
CVESeverityScorePublishedSummary
CVE-2023-22814Critical10.02023-07-01An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonati…
CVE-2022-36331Critical10.02023-06-12Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthentica…
CVE-2022-29842Critical9.82023-05-10Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context o…
CVE-2022-22999High8.22022-07-25Western Digital My Cloud devices are vulnerable to a cross side scripting vulnerability that can allow a malicious user with elevated privileges access to driv…
CVE-2022-29841High8.02023-05-10Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that was caused by a command that read files from a pr…
CVE-2022-23000High7.32022-07-25The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to…
CVE-2022-29844Medium6.72023-01-26A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write ar…
CVE-2023-22815Medium6.22023-06-30Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context…
CVE-2022-29843Medium6.22023-01-26A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows…
CVE-2023-22816Medium6.02023-06-30A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files…
CVE-2022-36328Medium5.82023-05-18Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to create arbitrary shares on arbitra…
CVE-2022-36327Medium5.82023-05-18Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to write files to locations with cert…
CVE-2023-22817Medium5.52024-02-05Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back…
CVE-2022-29840Medium5.12023-05-10Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter w…
CVE-2023-22819Medium4.92024-02-05An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventua…
CVE-2022-36326Medium4.42023-05-18An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventua…
CVE-2022-29838Medium4.32022-12-09Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the…
CVE-2022-29839Medium4.12022-12-09Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices that could allow an attacker who has g…