Westerndigital My Cloud Os — known CVE vulnerabilities
Every CVE whose affected-product data names Westerndigital My Cloud Os, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2023-22814 — CVSS 10.0 (critical): An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to…
CVE-2022-22989 — CVSS 9.8 (critical): My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by…
CVE-2022-29842 — CVSS 9.8 (critical): Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute…
CVE-2022-22994 — CVSS 8.8 (high): A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an attacker could trick a NAS device into…
CVE-2021-36225 — CVSS 8.8 (high): Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware…
CVE-2022-29841 — CVSS 8.0 (high): Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that was caused by a command that…
CVE-2021-3310 — CVSS 7.8 (high): Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. This can lead to code…
CVE-2022-22990 — CVSS 7.8 (high): A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate…
CVE-2022-22991 — CVSS 7.8 (high): A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through…
CVE-2022-22992 — CVSS 7.8 (high): A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to…
CVE-2022-22993 — CVSS 7.8 (high): A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and…
CVE-2023-22815 — CVSS 6.2 (medium): Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute…
CVE-2023-22816 — CVSS 6.0 (medium): A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an…
CVE-2022-29840 — CVSS 5.1 (medium): Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to…
CVE-2022-29838 — CVSS 4.3 (medium): Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure…
CVE-2022-29839 — CVSS 4.1 (medium): Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices that could allow…