Westerndigital My_cloud_pr2100

37 CVEs affecting Westerndigital My_cloud_pr2100. Latest disclosed: 2024-02-05. Critical: 16, High: 10.

Top CVEs affecting Westerndigital My_cloud_pr2100
CVESeverityScorePublishedSummary
CVE-2023-22814Critical10.02023-07-01An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonati…
CVE-2022-36331Critical10.02023-06-12Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthentica…
CVE-2022-22995Critical10.02022-03-25The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of p…
CVE-2022-29842Critical9.82023-05-10Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context o…
CVE-2022-22989Critical9.82022-01-13My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the…
CVE-2020-29563Critical9.82020-12-12An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. A NAS Admin authentication bypass vulnerability could allow an unauthenticate…
CVE-2020-28971Critical9.82020-12-01An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticate…
CVE-2020-28970Critical9.82020-12-01An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticate…
CVE-2020-28940Critical9.82020-12-01On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticate…
CVE-2020-27744Critical9.82020-10-29An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. They allow remote code execution with resultant escalation of privileges.
CVE-2020-27160Critical9.82020-10-27Addressed remote code execution vulnerability in AvailableApps.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04…
CVE-2020-27159Critical9.82020-10-27Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My…
CVE-2020-27158Critical9.82020-10-27Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114.
CVE-2020-25765Critical9.82020-10-27Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input.in Western Digital My Cloud Devices prior to 5.4.1…
CVE-2020-12830Critical9.82020-10-27Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through unauthorized remote code ex…
CVE-2019-9950Critical9.82019-04-24Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My…
CVE-2022-22994High8.82022-01-28A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an attacker could trick a NAS device into loading through an uns…
CVE-2019-9949High8.82019-05-23Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execu…
CVE-2022-22999High8.22022-07-25Western Digital My Cloud devices are vulnerable to a cross side scripting vulnerability that can allow a malicious user with elevated privileges access to driv…
CVE-2022-29841High8.02023-05-10Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that was caused by a command that read files from a pr…