Vulnerabilities > Westerndigital > MY Cloud Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-03-30 CVE-2018-9148 Improper Authentication vulnerability in Westerndigital MY Cloud Firmware 04.05.00320
Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for attackers to bypass authentication by listing a directory.
network
low complexity
westerndigital CWE-287
5.0
5.0