Vulnerabilities > Westerndigital > MY Cloud Home Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-02-05 CVE-2023-22817 Server-Side Request Forgery (SSRF) vulnerability in Westerndigital products
Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter.
local
low complexity
westerndigital CWE-918
5.5
2024-02-05 CVE-2023-22819 Resource Exhaustion vulnerability in Westerndigital products
An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices.
network
low complexity
westerndigital CWE-400
4.9
2023-05-18 CVE-2022-36326 Resource Exhaustion vulnerability in Westerndigital products
An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices.
network
low complexity
westerndigital CWE-400
4.9
2023-05-18 CVE-2022-36328 Path Traversal vulnerability in Westerndigital products
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to create arbitrary shares on arbitrary directories and exfiltrate sensitive files, passwords, users and device configurations was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices.
network
low complexity
westerndigital CWE-22
4.9
2022-11-09 CVE-2022-29836 Path Traversal vulnerability in Westerndigital products
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file system.
network
low complexity
westerndigital CWE-22
4.3
2022-09-27 CVE-2022-23006 Out-of-bounds Write vulnerability in Westerndigital products
A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file.
local
high complexity
westerndigital CWE-787
6.7
2022-07-12 CVE-2022-22998 Insufficiently Protected Credentials vulnerability in Westerndigital MY Cloud Home DUO Firmware and MY Cloud Home Firmware
Implemented protections on AWS credentials that were not properly protected.
network
low complexity
westerndigital CWE-522
5.0