Vulnerabilities > Western Digital > Mycloud NAS

DATE CVE VULNERABILITY TITLE RISK
2017-01-03 CVE-2016-10108 Command Injection vulnerability in Western Digital Mycloud NAS 2.11.142
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data.
network
low complexity
western-digital CWE-77
critical
 9.8
9.8
2017-01-03 CVE-2016-10107 Command Injection vulnerability in Western Digital Mycloud NAS 2.11.142
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header.
network
low complexity
western-digital CWE-77
critical
 9.8
9.8