A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to execute code in the context of the root user.
9.8CVSS
9.7AI Score
0.002EPSS
A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write arbitrary files. This could lead to a full NAS compromise and would give remote execution capabilities to the attacker.
9.8CVSS
9.3AI Score
0.006EPSS
Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data.This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: bef...
10CVSS
7.8AI Score
0.001EPSS