Western Digital MyCloud NAS - Authentication Bypass

It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the...

CVE-2026-4204

Affected products: D-Link DNS-120, DNR-202L, DNS-315L, DNS-320/320L/320LW, DNS-321, DNR-322L, DNS-323, DNS-325/326/327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, DNS-1550-04. Root cause: The CGI endpoints in /cgi-bin/gui_mgr.cgi (cgi_myfavorite_add/…/cgi_mycloud_au...

EUVD-2020-4739

Malware in sbrugna...

EUVD-2016-1298

Malware in sbrugna...

EUVD-2018-19640

Malware in sbrugna...

EUVD-2023-27446

Malicious code in bioql PyPI...

CVE-2020-12427

The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space...

CVE-2020-8960

Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS...

CVE-2024-30150

HCL MyCloud is affected by Improper Access Control - an unauthenticated privilege escalation vulnerability which may lead to information disclosure and potential for Server-Side Request Forgery SSRF and Denial of ServiceDOS attacks from unauthenticated users...

CVE-2024-30150

HCL MyCloud is affected by Improper Access Control - an unauthenticated privilege escalation vulnerability which may lead to information disclosure and potential for Server-Side Request Forgery SSRF and Denial of ServiceDOS attacks from unauthenticated users...

CVE-2024-30150 An unauthenticated privilege escalation vulnerability affects HCL MyCloud

HCL MyCloud is affected by Improper Access Control - an unauthenticated privilege escalation vulnerability which may lead to information disclosure and potential for Server-Side Request Forgery SSRF and Denial of ServiceDOS attacks from unauthenticated users...

CVE-2024-30150

HCL MyCloud is affected by an improper access control vulnerability that enables unauthenticated privilege escalation. Reported to allow information disclosure and may enable SSRF and Denial of Service from unauthenticated users. Some sources cite HCL MyCloud v10.8.1 as affected; others do not sp...

CVE-2024-30150 An unauthenticated privilege escalation vulnerability affects HCL MyCloud

HCL MyCloud is affected by Improper Access Control - an unauthenticated privilege escalation vulnerability which may lead to information disclosure and potential for Server-Side Request Forgery SSRF and Denial of ServiceDOS attacks from unauthenticated users...

PT-2025-7937

Name of the Vulnerable Software and Affected Versions HCL MyCloud affected versions not specified Description The issue is related to Improper Access Control, which is an unauthenticated privilege escalation vulnerability. This may lead to information disclosure and has the potential for...

HCL MyCloud 安全漏洞

HCL MyCloud is a hybrid cloud lifecycle management product from HCL India that provides optimal governance and monitoring of cloud infrastructures. A security vulnerability exists in HCL MyCloud version 10.8.1, which stems from improper access control and could lead to elevation of privilege,...

Western Digital MyCloud PR4100 ddns-start Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP responses provided to the ddns-start...

VulnCheck KEV: CVE-2016-10108

Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/googleanalytics.php URL via a modified arg parameter in the POST data...

(Pwn2Own) Western Digital MyCloud PR4100 RESTSDK Server-Side Request Forgery Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RESTSDK server. The issue results from the lack...

(Pwn2Own) Western Digital MyCloud PR4100 RESTSDK Uncontrolled Resource Consumption Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Western Digital MyCloud PR4100 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RESTSDK server. The issue results from...

VulnCheck KEV: CVE-2017-17560

An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multiuploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file...