19 matches found
CVE-2022-29844 Western Digital My Cloud OS 5 arbitrary file read and write vulnerability via ftp
A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write arbitrary files. This could lead to a full NAS compromise and would give remote execution capabilities to the attacker...
CVE-2022-22999 Cross-site Scripting Vulnerability in USB Backups App
Western Digital My Cloud devices are vulnerable to a cross side scripting vulnerability that can allow a malicious user with elevated privileges access to drives being backed up to construct and inject JavaScript payloads into an authenticated user's browser. As a result, it may be possible to ga...
CVE-2020-29563
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to gain access to the device...
CVE-2020-12830
Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through unauthorized remote code execution in Western Digital My Cloud devices before 5.04.114...
CVE-2020-27158
The CVE-2020-27158 entry affects Western Digital My Cloud NAS devices. A remote code execution flaw in cgi_api.php could allow privilege escalation, with impact on devices running firmware before 5.04.114. The vulnerability is described as enabling arbitrary code execution on the affected system,...
Session fixation
Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow Session Fixation...
CVE-2018-9148
Western Digital WD My Cloud v04.05.00-320 devices embed the session token aka PHPSESSID in filenames, which makes it easier for attackers to bypass authentication by listing a directory. NOTE: this can be exploited in conjunction with CVE-2018-7171 for remote authentication bypass within a produc...
CVE-2018-9148
Western Digital WD My Cloud v04.05.00-320 devices embed the session token aka PHPSESSID in filenames, which makes it easier for attackers to bypass authentication by listing a directory. NOTE: this can be exploited in conjunction with CVE-2018-7171 for remote authentication bypass within a produc...
Western Digital My Cloud Products Authentication Bypass and Remote Command Injection Vulnerability
Western Digital My Cloud Products are prone to an authentication bypass and multiple remote command injection vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Western Digital My Cloud Command Injection / File Upload Vulnerabilities
Exploit for hardware platform in category web applications title: Unauthenticated OS command injection & arbitrary file upload product: Western Digital My Cloud vulnerable version: at least: 2.21.126 My Cloud, 2.11.157My Cloud EX2, 2.21.126 My Cloud EX2 Ultra, 2.11.157 My Cloud EX4, 2.21.126 My...
WD My Cloud Mirror 2.11.153 Remote Command Execution / Authentication Bypass
Exploit Title: WD My Cloud Mirror 2.11.153 RCE and Authentication Bypass Date: 24.01.2017 Software Link: https://www.wdc.com Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: local 1. Description Itas possible to execute arbitra...
WD My Cloud Mirror 2.11.153 RCE and Authentication Bypass Vulnerabilities
Exploit for hardware platform in category web applications Exploit Title: WD My Cloud Mirror 2.11.153 RCE and Authentication Bypass Date: 24.01.2017 Software Link: https://www.wdc.com Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/...
WD My Cloud Mirror 2.11.153 - Authentication Bypass / Remote Code Execution
Exploit Title: WD My Cloud Mirror 2.11.153 RCE and Authentication Bypass Date: 24.01.2017 Software Link: https://www.wdc.com Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: local 1. Description It’s possible to execute arbitra...
Western Digital My Cloud Command Injection
Exploit Title: Western Digital My Cloud Command Injection Vendor Homepage: http://www.wdc.com Firmware tested: 04.01.03-421 and 04.01.04-422 for the Personal Cloud devices Firmware link: http://download.wdc.com/nas/sq-040104-422-20150423.deb.zip Exploit Author: James Sibley absane ; twitter =...
Western Digital My Cloud 04.01.03-421/04.01.04-422 - Command Injection
Exploit Title: Western Digital My Cloud Command Injection Vendor Homepage: http://www.wdc.com Firmware tested: 04.01.03-421 and 04.01.04-422 for the Personal Cloud devices Firmware link: http://download.wdc.com/nas/sq-040104-422-20150423.deb.zip Exploit Author: James Sibley absane ; twitter =...
CVE-2014-5876
The WD My Cloud aka com.wdc.wd2go application 4.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Information disclosure
The WD My Cloud aka com.wdc.wd2go application 4.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-5876
CVE-2014-5876 affects the WD My Cloud Android app (version 4.0.0). The application does not verify X.509 certificates from SSL servers, enabling man-in-the-middle attackers to spoof servers and access sensitive information via a crafted certificate. The connected sources corroborate this descript...
CVE-2014-5876
The WD My Cloud aka com.wdc.wd2go application 4.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...