Vulnerabilities > Westerndigital > MY Cloud Firmware > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-25 | CVE-2022-22995 | Link Following vulnerability in multiple products The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. | 9.8 |
| 2020-10-29 | CVE-2020-27744 | OS Command Injection vulnerability in Westerndigital MY Cloud Firmware An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. | 10.0 |
| 2020-10-27 | CVE-2020-25765 | OS Command Injection vulnerability in Westerndigital MY Cloud Firmware Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input.in Western Digital My Cloud Devices prior to 5.4.1140. | 10.0 |
| 2020-10-27 | CVE-2020-27158 | OS Command Injection vulnerability in Westerndigital MY Cloud Firmware Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114. | 10.0 |
| 2020-10-27 | CVE-2020-27159 | OS Command Injection vulnerability in Westerndigital MY Cloud Firmware Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114 | 10.0 |
| 2019-05-23 | CVE-2019-9949 | Link Following vulnerability in Westerndigital products Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution (as root, starting from a low-privilege user session) vulnerability. | 9.0 |