Lucene search
K

19 matches found

Cvelist
Cvelist
added 2023/01/25 12:0 a.m.33 views

CVE-2022-29844 Western Digital My Cloud OS 5 arbitrary file read and write vulnerability via ftp

A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write arbitrary files. This could lead to a full NAS compromise and would give remote execution capabilities to the attacker...

6.7CVSS9.6AI score0.36405EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/07/25 6:47 p.m.29 views

CVE-2022-22999 Cross-site Scripting Vulnerability in USB Backups App

Western Digital My Cloud devices are vulnerable to a cross side scripting vulnerability that can allow a malicious user with elevated privileges access to drives being backed up to construct and inject JavaScript payloads into an authenticated user's browser. As a result, it may be possible to ga...

8.2CVSS8.4AI score0.00322EPSS
Exploits0References1
NVD
NVD
added 2020/12/12 12:15 a.m.16 views

CVE-2020-29563

An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to gain access to the device...

9.8CVSS9.9AI score0.02887EPSS
Exploits0References2
NVD
NVD
added 2020/10/27 8:15 p.m.17 views

CVE-2020-12830

Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through unauthorized remote code execution in Western Digital My Cloud devices before 5.04.114...

9.8CVSS10AI score0.03189EPSS
Exploits0References2
CVE
CVE
added 2020/10/27 7:46 p.m.79 views

CVE-2020-27158

The CVE-2020-27158 entry affects Western Digital My Cloud NAS devices. A remote code execution flaw in cgi_api.php could allow privilege escalation, with impact on devices running firmware before 5.04.114. The vulnerability is described as enabling arbitrary code execution on the affected system,...

10CVSS9.9AI score0.07191EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2020/02/20 10:15 p.m.10 views

Session fixation

Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow Session Fixation...

6.4CVSS9.2AI score0.00997EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2018/03/30 7:29 p.m.19 views

CVE-2018-9148

Western Digital WD My Cloud v04.05.00-320 devices embed the session token aka PHPSESSID in filenames, which makes it easier for attackers to bypass authentication by listing a directory. NOTE: this can be exploited in conjunction with CVE-2018-7171 for remote authentication bypass within a produc...

9.8CVSS7.8AI score0.03786EPSS
Exploits1References1
OSV
OSV
added 2018/03/30 7:29 p.m.2 views

CVE-2018-9148

Western Digital WD My Cloud v04.05.00-320 devices embed the session token aka PHPSESSID in filenames, which makes it easier for attackers to bypass authentication by listing a directory. NOTE: this can be exploited in conjunction with CVE-2018-7171 for remote authentication bypass within a produc...

9.8CVSS5.7AI score0.03786EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2017/11/30 12:0 a.m.87 views

Western Digital My Cloud Products Authentication Bypass and Remote Command Injection Vulnerability

Western Digital My Cloud Products are prone to an authentication bypass and multiple remote command injection vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

10CVSS10AI score0.86586EPSS
Exploits6References6
0day.today
0day.today
added 2017/03/08 12:0 a.m.43 views

Western Digital My Cloud Command Injection / File Upload Vulnerabilities

Exploit for hardware platform in category web applications title: Unauthenticated OS command injection & arbitrary file upload product: Western Digital My Cloud vulnerable version: at least: 2.21.126 My Cloud, 2.11.157My Cloud EX2, 2.21.126 My Cloud EX2 Ultra, 2.11.157 My Cloud EX4, 2.21.126 My...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2017/01/25 12:0 a.m.34 views

WD My Cloud Mirror 2.11.153 Remote Command Execution / Authentication Bypass

Exploit Title: WD My Cloud Mirror 2.11.153 RCE and Authentication Bypass Date: 24.01.2017 Software Link: https://www.wdc.com Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: local 1. Description Itas possible to execute arbitra...

0.6AI score
Exploits0
0day.today
0day.today
added 2017/01/24 12:0 a.m.22 views

WD My Cloud Mirror 2.11.153 RCE and Authentication Bypass Vulnerabilities

Exploit for hardware platform in category web applications Exploit Title: WD My Cloud Mirror 2.11.153 RCE and Authentication Bypass Date: 24.01.2017 Software Link: https://www.wdc.com Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2017/01/24 12:0 a.m.52 views

WD My Cloud Mirror 2.11.153 - Authentication Bypass / Remote Code Execution

Exploit Title: WD My Cloud Mirror 2.11.153 RCE and Authentication Bypass Date: 24.01.2017 Software Link: https://www.wdc.com Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: local 1. Description It’s possible to execute arbitra...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2015/09/30 12:0 a.m.48 views

Western Digital My Cloud Command Injection

Exploit Title: Western Digital My Cloud Command Injection Vendor Homepage: http://www.wdc.com Firmware tested: 04.01.03-421 and 04.01.04-422 for the Personal Cloud devices Firmware link: http://download.wdc.com/nas/sq-040104-422-20150423.deb.zip Exploit Author: James Sibley absane ; twitter =...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2015/09/29 12:0 a.m.51 views

Western Digital My Cloud 04.01.03-421/04.01.04-422 - Command Injection

Exploit Title: Western Digital My Cloud Command Injection Vendor Homepage: http://www.wdc.com Firmware tested: 04.01.03-421 and 04.01.04-422 for the Personal Cloud devices Firmware link: http://download.wdc.com/nas/sq-040104-422-20150423.deb.zip Exploit Author: James Sibley absane ; twitter =...

7.4AI score
Exploits0
NVD
NVD
added 2014/09/11 10:55 a.m.10 views

CVE-2014-5876

The WD My Cloud aka com.wdc.wd2go application 4.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4CVSS5.9AI score0.00271EPSS
Exploits0References3
Prion
Prion
added 2014/09/11 10:55 a.m.12 views

Information disclosure

The WD My Cloud aka com.wdc.wd2go application 4.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4CVSS6.4AI score0.00271EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2014/09/11 10:0 a.m.53 views

CVE-2014-5876

CVE-2014-5876 affects the WD My Cloud Android app (version 4.0.0). The application does not verify X.509 certificates from SSL servers, enabling man-in-the-middle attackers to spoof servers and access sensitive information via a crafted certificate. The connected sources corroborate this descript...

5.4CVSS6AI score0.00271EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2014/09/11 10:0 a.m.20 views

CVE-2014-5876

The WD My Cloud aka com.wdc.wd2go application 4.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.9AI score0.00271EPSS
Exploits0References3
Rows per page
Query Builder