Gardyn Home Kit (Update A)

RISK EVALUATION Successful exploitation of these vulnerabilities could allow unauthenticated users to access and control edge devices, access cloud-based devices and user information without authentication, and pivot to other edge devices managed in the Gardyn cloud environment. 2. RECOMMENDED...

CVE-2023-53881

ReyeeOS 1.204.1614 contains an unencrypted CWMP communication vulnerability that allows attackers to intercept and manipulate device communication through a man-in-the-middle attack. Attackers can create a fake CWMP server to inject and execute arbitrary commands on Ruijie Reyee Cloud devices by...

CVE-2023-53881

CVE-2023-53881 affects ReyeeOS 1.204.1614 and stems from unencrypted CWMP communications that enable a man-in-the-middle to intercept and manipulate device traffic. The vulnerability allows an attacker to impersonate a CWMP server and inject/execute arbitrary commands on Ruijie Reyee Cloud device...

CVE-2023-53881 ReyeeOS 1.204.1614 Man-in-the-Middle Remote Code Execution via CWMP

ReyeeOS 1.204.1614 contains an unencrypted CWMP communication vulnerability that allows attackers to intercept and manipulate device communication through a man-in-the-middle attack. Attackers can create a fake CWMP server to inject and execute arbitrary commands on Ruijie Reyee Cloud devices by...

PT-2025-51299

Name of the Vulnerable Software and Affected Versions ReyeeOS version 1.204.1614 Description ReyeeOS version 1.204.1614 contains an unencrypted CWMP communication issue that allows attackers to intercept and manipulate device communication through a man-in-the-middle attack. Attackers can create ...

EUVD-2019-19304

Malware in sbrugna...

EUVD-2022-28101

Malicious code in bioql PyPI...

EUVD-2022-28103

Malicious code in bioql PyPI...

CVE-2021-36226

Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files...

CVE-2020-25765

Addressed remote code execution vulnerability in regdevice.php due to insufficient validation of user input.in Western Digital My Cloud Devices prior to 5.4.1140...

CVE-2022-22992

A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. The vulnerability was addressed by escaping individual arguments to shell functions coming from user input...

CVE-2022-22990

A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts...

CVE-2022-36326

An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi a...

CVE-2022-29840 Server Side Request Forgery Vulnerability in Western Digital My Cloud Devices

Server-Side Request Forgery SSRF vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This...

CVE-2021-36225

Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation...

CVE-2022-22999 Cross-site Scripting Vulnerability in USB Backups App

Western Digital My Cloud devices are vulnerable to a cross side scripting vulnerability that can allow a malicious user with elevated privileges access to drives being backed up to construct and inject JavaScript payloads into an authenticated user's browser. As a result, it may be possible to ga...

CVE-2022-22992

A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. The vulnerability was addressed by escaping individual arguments to shell functions coming from user input...

CVE-2022-22992

CVE-2022-22992 describes a command-injection remote code execution on Western Digital My Cloud devices. The vulnerability arises from improper handling of user-provided input that is used in shell calls, with the fix noted as escaping individual arguments to shell functions. Reported impacts incl...

PT-2022-15762 · Western Digital · Western Digital My Cloud

Name of the Vulnerable Software and Affected Versions: Western Digital My Cloud Devices affected versions not specified Description: A command injection remote code execution issue was discovered that could allow an attacker to execute arbitrary system commands on the device. The issue was...

CVE-2022-22990

A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts...