Vulnerabilities > Westerndigital > MY Cloud Firmware > 2.31.149
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-12 | CVE-2022-36331 | Authentication Bypass by Spoofing vulnerability in Westerndigital products Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102. | 7.5 |
| 2022-03-25 | CVE-2022-22995 | Link Following vulnerability in multiple products The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. | 9.8 |
| 2020-10-29 | CVE-2020-27744 | OS Command Injection vulnerability in Westerndigital MY Cloud Firmware An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. | 10.0 |
| 2020-10-27 | CVE-2020-27160 | Path Traversal vulnerability in Westerndigital MY Cloud Firmware Addressed remote code execution vulnerability in AvailableApps.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114 (issue 3 of 3). | 7.5 |
| 2020-10-27 | CVE-2020-27159 | OS Command Injection vulnerability in Westerndigital MY Cloud Firmware Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114 | 10.0 |
| 2020-10-27 | CVE-2020-27158 | OS Command Injection vulnerability in Westerndigital MY Cloud Firmware Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114. | 10.0 |
| 2020-10-27 | CVE-2020-25765 | OS Command Injection vulnerability in Westerndigital MY Cloud Firmware Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input.in Western Digital My Cloud Devices prior to 5.4.1140. | 10.0 |