Western Digital MyCloud NAS - Authentication Bypass

It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the...

CVE-2025-30248

DLL hijacking in the WD Discovery Installer in Western Digital WD Discovery 5.2.730 on Windows allows a local attacker to execute arbitrary code via placement of a crafted dll in the installer's search path...

CVE-2025-30248

DLL hijacking in the WD Discovery Installer in Western Digital WD Discovery 5.2.730 on Windows allows a local attacker to execute arbitrary code via placement of a crafted dll in the installer's search path...

CVE-2025-30248

CVE-2025-30248 involves DLL hijacking in the WD Discovery Installer for Western Digital WD Discovery on Windows (version 5.2.730). A local attacker can execute arbitrary code by placing a crafted DLL in the installer’s search path. The relevant connected sources confirm the vulnerable component i...

CVE-2025-30248

DLL hijacking in the WD Discovery Installer in Western Digital WD Discovery 5.2.730 on Windows allows a local attacker to execute arbitrary code via placement of a crafted dll in the installer's search path...

CVE-2025-30248

DLL hijacking in the WD Discovery Installer in Western Digital WD Discovery 5.2.730 on Windows allows a local attacker to execute arbitrary code via placement of a crafted dll in the installer's search path...

EUVD-2025-206380

DLL hijacking in the WD Discovery Installer in Western Digital WD Discovery 5.2.730 on Windows allows a local attacker to execute arbitrary code via placement of a crafted dll in the installer's search path...

Western Digital WD Discovery security vulnerabilities

Western Digital WD Discovery is a comprehensive management desktop software developed by Western Digital Corporation. Version 5.2.730 of Western Digital WD Discovery contains a security vulnerability, which stems from DLL hijacking within the WD Discovery Installer. This vulnerability may allow f...

PT-2026-4833

Name of the Vulnerable Software and Affected Versions Western Digital WD Discovery version 5.2.730 Description A flaw exists in the WD Discovery Installer that allows a local attacker to execute arbitrary code. This is possible through DLL hijacking by placing a crafted DLL in the installer’s...

CVE-2021-33205

Western Digital EdgeRover before 0.25 has an escalation of privileges vulnerability where a low privileged user could load malicious content into directories with higher privileges, because of how Node.js is used. An attacker can gain admin privileges and carry out malicious activities such as...

CVE-2021-28653

The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware...

CVE-2022-23006

A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another...

CVE-2019-18929

Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users including guest accounts to remotely execute arbitrary code via a downloadmgr.cgi stack-based buffer overflow...

CVE-2019-18930

Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users including guest account to remotely execute arbitrary code via a stack-based buffer overflow. There is no size verification logic in one of functions in libscheddl.so, and downloadmgr.cgi makes it possible to enter large-sized...

CVE-2019-18931

Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer Overflow with Extended Instruction Pointer EIP control via crafted GET/POST parameters...

CVE-2019-11686

Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnerability in the wear-leveling algorithm of the drive may cause cryptographically sensitive parameters such as data encryption keys to remain on the drive media after their intended erasure...

CVE-2020-12830

Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through unauthorized remote code execution in Western Digital My Cloud devices before 5.04.114...

CVE-2020-10951

Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages...

Western Digital My Cloud Multiple Products Multiple Vulnerabilities (WDC-25009)

Multiple Western Digital My Cloud products are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EUVD-2020-5112

Malware in sbrugna...