An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie. (In addition, an upload endpoint could then be used by an authenticated administrator to upload executable PHP scripts.)
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-12-01T15:32:12
Updated: 2024-08-04T16:48:01.191Z
Reserved: 2020-11-20T00:00:00
Link: CVE-2020-28970
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-12-01T16:15:10.940
Modified: 2022-04-26T16:57:47.923
Link: CVE-2020-28970
Redhat
No data.