Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

My Cloud Os 5 Security Vulnerabilities

cve
cve

CVE-2020-28940

On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device.

9.8CVSS

9.8AI Score

0.007EPSS

2020-12-01 04:15 PM
25
cve
cve

CVE-2020-28970

An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie. (In addition, an upload endpoint could then be used by an authenticated ad...

9.8CVSS

9.6AI Score

0.007EPSS

2020-12-01 04:15 PM
45
cve
cve

CVE-2020-28971

An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie, because of insufficient validation of URI paths.

9.8CVSS

9.7AI Score

0.007EPSS

2020-12-01 04:15 PM
25
cve
cve

CVE-2020-29563

An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to gain access to the device.

9.8CVSS

9.8AI Score

0.003EPSS

2020-12-12 12:15 AM
70
5
cve
cve

CVE-2022-36326

An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and...

4.9CVSS

5.3AI Score

0.001EPSS

2023-05-18 06:15 PM
16
cve
cve

CVE-2022-36327

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to write files to locations with certain critical filesystem types leading to remote code execution was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk i...

9.8CVSS

10AI Score

0.004EPSS

2023-05-18 06:15 PM
18
cve
cve

CVE-2022-36328

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to create arbitrary shares on arbitrary directories and exfiltrate sensitive files, passwords, users and device configurations was discovered in Western Digital My Cloud Home, M...

5.8CVSS

5.8AI Score

0.001EPSS

2023-05-18 06:15 PM
18
cve
cve

CVE-2023-22813

A device APIendpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a permissive CORS policy...

4.3CVSS

4.4AI Score

0.001EPSS

2023-05-08 11:15 PM
18