Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HWesterndigital My Cloud Os
OSWesterndigital< 5.02.104Westerndigital My Cloud Pr4100
HWWesterndigitalwszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
References
Related vulnerabilities
CVE-2023-22814CRITICAL10.0ten sam produkt
An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that co...
CVE-2022-36331CRITICAL10.0ten sam produkt
Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impe...
CVE-2022-29842CRITICAL9.8ten sam produkt
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could a...
CVE-2021-36224CRITICAL9.8ten sam produkt
Western Digital My Cloud devices before OS5 have a nobody account with a blank password.
CVE-2022-22995CRITICAL10.0ten sam produkt
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writi...