My Cloud Os@* Security Vulnerabilities and Issues — My Cloud Os@* CVE List

Lucene search

WesterndigitalMy Cloud Os*

8 matches found

CVE•added 2022/01/28 8:15 p.m.•348 views

CVE-2022-22993

A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls. The vulnerability was addressed by creating a whitelist for valid parameters.

8.8CVSS8.2AI score0.00057EPSS

CVE•added 2022/01/28 8:15 p.m.•111 views

CVE-2022-22994

A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an attacker could trick a NAS device into loading through an unsecured HTTP call. This was a result insufficient verification of calls to the device. The vulnerability was addressed by disabling checks fo...

9.8CVSS9.4AI score0.00796EPSS

CVE•added 2022/01/13 9:15 p.m.•94 views

CVE-2022-22989

My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the network. Addressed the vulnerability by adding defenses against stack overflow issues.

9.8CVSS9.6AI score0.01234EPSS

CVE•added 2022/01/13 9:15 p.m.•74 views

CVE-2022-22991

A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. Addressed this vulnerability by disabling checks for internet connectivity using HTTP.

8.8CVSS8.4AI score0.00084EPSS

CVE•added 2022/01/28 8:15 p.m.•73 views

CVE-2022-22992

A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. The vulnerability was addressed by escaping individual arguments to shell functions coming from user input.

10CVSS9.4AI score0.0067EPSS

CVE•added 2022/01/13 9:15 p.m.•69 views

CVE-2022-22990

A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts.

8.8CVSS8.9AI score0.016EPSS

CVE•added 2022/12/09 6:15 p.m.•47 views

CVE-2022-29838

Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux.

4.6CVSS4.5AI score0.00086EPSS

CVE•added 2022/12/09 6:15 p.m.•42 views

CVE-2022-29839

Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices that could allow an attacker who has gained access to a relevant endpoint to use that information to access protected data. This issue affects: Western Digital My Cloud My Cloud ...

5.5CVSS4.7AI score0.0004EPSS