My Cloud Os Security Vulnerabilities and Issues — My Cloud Os CVE List

Lucene search

WesterndigitalMy Cloud Os

9 matches found

CVE•added 2023/05/10 11:15 p.m.•49 views

CVE-2022-29840

Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This is...

5.5CVSS5.4AI score0.00038EPSS

CVE•added 2023/02/06 2:15 p.m.•41 views

CVE-2021-36224

Western Digital My Cloud devices before OS5 have a nobody account with a blank password.

9.8CVSS9.4AI score0.00078EPSS

CVE•added 2023/05/10 9:15 p.m.•40 views

CVE-2022-29842

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devicesThis issue affects My Cloud OS 5: before 5.2...

9.8CVSS9.7AI score0.0087EPSS

CVE•added 2023/02/06 2:15 p.m.•32 views

CVE-2021-36225

Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation.

8.8CVSS8.8AI score0.00066EPSS

CVE•added 2023/02/06 2:15 p.m.•32 views

CVE-2021-36226

Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files.

9.8CVSS9.4AI score0.00041EPSS

CVE•added 2023/06/30 10:15 p.m.•30 views

CVE-2023-22815

Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files. This vulnerability can only be exploited over the network and the attacker must already have admi...

6.7CVSS6.9AI score0.00325EPSS

CVE•added 2023/05/10 10:15 p.m.•28 views

CVE-2022-29841

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that was caused by a command that read files from a privileged location and created a system command without sanitizing the read data. This command could be triggered by an attacker remotely to ...

9.8CVSS9AI score0.00252EPSS

CVE•added 2023/06/30 10:15 p.m.•25 views

CVE-2023-22816

A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads.This issue affects My Cloud OS 5 devices: before 5.26.300.

8.8CVSS7.2AI score0.00527EPSS

CVE•added 2023/07/01 12:15 a.m.•19 views

CVE-2023-22814

An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: before 5.26.202.

10CVSS9.6AI score0.00074EPSS