Vulnerabilities > Westerndigital > MY Cloud Firmware

DATE CVE VULNERABILITY TITLE RISK
2019-04-24 CVE-2019-9950 Weak Password Requirements vulnerability in Westerndigital products
Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an authentication bypass vulnerability.
network
low complexity
westerndigital CWE-521
critical
 9.8
9.8
2018-03-30 CVE-2018-9148 Improper Authentication vulnerability in Westerndigital MY Cloud Firmware 04.05.00320
Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for attackers to bypass authentication by listing a directory.
network
low complexity
westerndigital CWE-287
critical
 9.8
9.8