My Cloud Home Security Vulnerabilities

CVE-2020-10951

Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages.

CVE-2023-22813

A device APIendpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a permissive CORS policy...