My Cloud Os Security Vulnerabilities - CVSS Score 9 - 10
Western Digital My Cloud devices before OS5 have a nobody account with a blank password.
9.8CVSS
9.4AI Score
0.002EPSS
Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files.
9.8CVSS
9.4AI Score
0.004EPSS
My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the network. Addressed the vulnerability by adding defenses against stack overflow issues.
9.8CVSS
9.5AI Score
0.003EPSS
A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. The vulnerability was addressed by escaping individual arguments to shell functions coming from user input.
9.8CVSS
9.9AI Score
0.006EPSS
A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an attacker could trick a NAS device into loading through an unsecured HTTP call. This was a result insufficient verification of calls to the device. The vulnerability was addressed by disabling checks fo...
9.8CVSS
9.5AI Score
0.067EPSS
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that was caused by a command that read files from a privileged location and created a system command without sanitizing the read data. This command could be triggered by an attacker remotely to ...
9.8CVSS
9.5AI Score
0.002EPSS
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devicesThis issue affects My Cloud OS 5: before 5.2...
9.8CVSS
9.6AI Score
0.002EPSS