2 matches found
CVE-2016-10108
CVE-2016-10108 : Western Digital MyCloud NAS (around version 2.11.142) is vulnerable to an unauthenticated remote command injection via the POST parameter arg in the /web/google_analytics.php endpoint, enabling potential root access. The CVSS metrics listed (3.0: 9.8, CRITICAL; 2.0: 10.0) reflect...
CVE-2016-10107
CVE-2016-10107 is an unauthenticated remote command‑injection vulnerability in Western Digital My Cloud NAS, affecting at least version 2.11.142 where an attacker can exploit a modified cookie header in index.php to execute arbitrary commands as root. Multiple sources corroborate the issue as a r...