Vulnerabilities > Westerndigital > MY Cloud Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-30 | CVE-2018-9148 | Improper Authentication vulnerability in Westerndigital MY Cloud Firmware 04.05.00320 Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for attackers to bypass authentication by listing a directory. | 5.0 |