My Cloud Os CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (26 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2021-3310	1 Westerndigital	9 My Cloud Dl2100, My Cloud Dl4100, My Cloud Ex2100 and 6 more	2024-11-21	7.8 High
Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. This can lead to code execution and information disclosure (by reading local files).
CVE-2021-36224	1 Westerndigital	2 My Cloud Os, My Cloud Pr4100	2024-11-21	9.8 Critical
Western Digital My Cloud devices before OS5 have a nobody account with a blank password.
CVE-2020-29563	1 Westerndigital	6 My Cloud Ex2 Ultra, My Cloud Ex4100, My Cloud Mirror Gen 2 and 3 more	2024-11-21	9.8 Critical
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to gain access to the device.
CVE-2020-28971	1 Westerndigital	6 My Cloud Ex2 Ultra, My Cloud Ex4100, My Cloud Mirror Gen 2 and 3 more	2024-11-21	9.8 Critical
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie, because of insufficient validation of URI paths.
CVE-2020-28970	1 Westerndigital	6 My Cloud Ex2 Ultra, My Cloud Ex4100, My Cloud Mirror Gen 2 and 3 more	2024-11-21	9.8 Critical
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie. (In addition, an upload endpoint could then be used by an authenticated administrator to upload executable PHP scripts.)
CVE-2020-28940	1 Westerndigital	6 My Cloud Ex2 Ultra, My Cloud Ex4100, My Cloud Mirror Gen 2 and 3 more	2024-11-21	9.8 Critical
On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device.

« first previous Page 2 of 2.