Vulnerabilities > CVE-2020-12830 - Out-of-bounds Write vulnerability in Westerndigital MY Cloud Firmware 04.05.00320

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

westerndigital

CWE-787

NVD

Published: 2020-10-27

Updated: 2020-11-02

Summary

Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through unauthorized remote code execution in Western Digital My Cloud devices before 5.04.114.

Vulnerable Configurations

Part	Description	Count
OS	Westerndigital Westerndigital MY Cloud Firmware 04.05.00-320	1
Hardware	Westerndigital Westerndigital MY Cloud Ex4100 - Westerndigital MY Cloud Expert Series EX2 - Westerndigital MY Cloud Mirror GEN 2 - Westerndigital MY Cloud Pr2100 - Westerndigital MY Cloud Pr4100 -	5

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://support.wdc.com/downloads.aspx?g=907&lang=en
https://www.westerndigital.com/support/productsecurity/wdc-20007-my-cloud-firmware-version-5-04-114