Westerndigital My Cloud Pr4100 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Westerndigital My Cloud Pr4100 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2022-36331 — CVSS 10.0 (critical): Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could…
CVE-2022-22995 — CVSS 10.0 (critical): The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting…
CVE-2019-9950 — CVSS 9.8 (critical): Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My…
CVE-2017-17560 — CVSS 9.8 (critical): An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_upl…
CVE-2019-9949 — CVSS 8.8 (high): Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are…
CVE-2022-22999 — CVSS 8.2 (high): Western Digital My Cloud devices are vulnerable to a cross side scripting vulnerability that can allow a malicious user with elevated…
CVE-2022-23000 — CVSS 7.3 (high): The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules…
CVE-2022-29844 — CVSS 6.7 (medium): A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker…
CVE-2022-29843 — CVSS 6.2 (medium): A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions…
CVE-2023-22817 — CVSS 5.5 (medium): Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS…
CVE-2023-22819 — CVSS 4.9 (medium): An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large…