Westerndigital My_cloud_mirror_gen_2

12 CVEs affecting Westerndigital My_cloud_mirror_gen_2. Latest disclosed: 2022-03-25. Critical: 6, High: 6.

Top CVEs affecting Westerndigital My_cloud_mirror_gen_2
CVESeverityScorePublishedSummary
CVE-2022-22995Critical10.02022-03-25The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of p…
CVE-2022-22989Critical9.82022-01-13My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the…
CVE-2020-29563Critical9.82020-12-12An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. A NAS Admin authentication bypass vulnerability could allow an unauthenticate…
CVE-2020-28971Critical9.82020-12-01An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticate…
CVE-2020-28970Critical9.82020-12-01An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticate…
CVE-2020-28940Critical9.82020-12-01On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticate…
CVE-2022-22994High8.82022-01-28A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an attacker could trick a NAS device into loading through an uns…
CVE-2022-22993High7.82022-01-28A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the…
CVE-2022-22992High7.82022-01-28A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary sy…
CVE-2022-22991High7.82022-01-13A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP cal…
CVE-2022-22990High7.82022-01-13A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cl…
CVE-2021-3310High7.82021-03-10Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. This can lead to code execution and information…