Westerndigital My Cloud Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Westerndigital My Cloud Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2022-36331 — CVSS 10.0 (critical): Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could…
CVE-2022-22995 — CVSS 10.0 (critical): The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting…
CVE-2020-12830 — CVSS 9.8 (critical): Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through…
CVE-2020-25765 — CVSS 9.8 (critical): Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input.in Western Digital My Cloud…
CVE-2020-27158 — CVSS 9.8 (critical): Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices…
CVE-2018-9148 — CVSS 9.8 (critical): Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for attackers…
CVE-2020-27160 — CVSS 9.8 (critical): Addressed remote code execution vulnerability in AvailableApps.php that allowed escalation of privileges in Western Digital My Cloud NAS…
CVE-2020-27744 — CVSS 9.8 (critical): An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. They allow remote code execution with resultant escalation…
CVE-2020-27159 — CVSS 9.8 (critical): Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input…
CVE-2019-9950 — CVSS 9.8 (critical): Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My…
CVE-2019-9949 — CVSS 8.8 (high): Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are…
CVE-2022-23000 — CVSS 7.3 (high): The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules…