Filtered by vendor Westerndigital
Subscriptions
Total
85 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-22990 | 1 Westerndigital | 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more | 2024-11-21 | 7.8 High |
| A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts. | ||||
| CVE-2022-22989 | 1 Westerndigital | 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more | 2024-11-21 | 9.8 Critical |
| My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the network. Addressed the vulnerability by adding defenses against stack overflow issues. | ||||
| CVE-2022-22988 | 1 Westerndigital | 1 Edgerover | 2024-11-21 | 7.7 High |
| File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources. It would be more difficult for an authenticated attacker to now traverse through the files and directories. This can only be exploited once an attacker has already found a way to get authenticated access to the device. | ||||
| CVE-2021-3310 | 1 Westerndigital | 9 My Cloud Dl2100, My Cloud Dl4100, My Cloud Ex2100 and 6 more | 2024-11-21 | 7.8 High |
| Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. This can lead to code execution and information disclosure (by reading local files). | ||||
| CVE-2021-36226 | 1 Westerndigital | 2 My Cloud Os, My Cloud Pr4100 | 2024-11-21 | 9.8 Critical |
| Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files. | ||||
| CVE-2021-36225 | 1 Westerndigital | 2 My Cloud Os, My Cloud Pr4100 | 2024-11-21 | 8.8 High |
| Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation. | ||||
| CVE-2021-36224 | 1 Westerndigital | 2 My Cloud Os, My Cloud Pr4100 | 2024-11-21 | 9.8 Critical |
| Western Digital My Cloud devices before OS5 have a nobody account with a blank password. | ||||
| CVE-2021-35941 | 1 Westerndigital | 4 Wd My Book Live, Wd My Book Live Duo, Wd My Book Live Duo Firmware and 1 more | 2024-11-21 | 7.5 High |
| Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory restore without authentication, as exploited in the wild in June 2021, a different vulnerability than CVE-2018-18472. | ||||
| CVE-2021-33205 | 1 Westerndigital | 1 Edgerover | 2024-11-21 | 8.8 High |
| Western Digital EdgeRover before 0.25 has an escalation of privileges vulnerability where a low privileged user could load malicious content into directories with higher privileges, because of how Node.js is used. An attacker can gain admin privileges and carry out malicious activities such as creating a fake library and stealing user credentials. | ||||
| CVE-2021-28653 | 1 Westerndigital | 1 Armorlock | 2024-11-21 | 6.5 Medium |
| The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware. | ||||
| CVE-2020-8960 | 1 Westerndigital | 1 Mycloud.com | 2024-11-21 | 6.1 Medium |
| Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS. | ||||
| CVE-2020-8959 | 1 Westerndigital | 2 Sandiskssddashboardsetup.exe, Westerndigitalssddashboardsetup.exe | 2024-11-21 | 7.8 High |
| Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 allows DLL Hijacking. | ||||
| CVE-2020-29654 | 1 Westerndigital | 1 Dashboard | 2024-11-21 | 7.8 High |
| Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking that leads to compromise of the SYSTEM account. | ||||
| CVE-2020-29563 | 1 Westerndigital | 6 My Cloud Ex2 Ultra, My Cloud Ex4100, My Cloud Mirror Gen 2 and 3 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to gain access to the device. | ||||
| CVE-2020-28971 | 1 Westerndigital | 6 My Cloud Ex2 Ultra, My Cloud Ex4100, My Cloud Mirror Gen 2 and 3 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie, because of insufficient validation of URI paths. | ||||
| CVE-2020-28970 | 1 Westerndigital | 6 My Cloud Ex2 Ultra, My Cloud Ex4100, My Cloud Mirror Gen 2 and 3 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie. (In addition, an upload endpoint could then be used by an authenticated administrator to upload executable PHP scripts.) | ||||
| CVE-2020-28940 | 1 Westerndigital | 6 My Cloud Ex2 Ultra, My Cloud Ex4100, My Cloud Mirror Gen 2 and 3 more | 2024-11-21 | 9.8 Critical |
| On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device. | ||||
| CVE-2020-27744 | 1 Westerndigital | 6 My Cloud Ex2 Ultra, My Cloud Ex4100, My Cloud Firmware and 3 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. They allow remote code execution with resultant escalation of privileges. | ||||
| CVE-2020-27160 | 1 Westerndigital | 6 My Cloud Ex4100, My Cloud Expert Series Ex2, My Cloud Firmware and 3 more | 2024-11-21 | 9.8 Critical |
| Addressed remote code execution vulnerability in AvailableApps.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114 (issue 3 of 3). | ||||
| CVE-2020-27159 | 1 Westerndigital | 6 My Cloud Ex4100, My Cloud Expert Series Ex2, My Cloud Firmware and 3 more | 2024-11-21 | 9.8 Critical |
| Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114 | ||||