Vulnerabilities > Westerndigital > MY Cloud OS 5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-18 | CVE-2022-36326 | Resource Exhaustion vulnerability in Westerndigital products An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. | 4.9 |
| 2023-05-18 | CVE-2022-36327 | Path Traversal vulnerability in Westerndigital products Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to write files to locations with certain critical filesystem types leading to remote code execution was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. | 9.8 |
| 2023-05-18 | CVE-2022-36328 | Path Traversal vulnerability in Westerndigital products Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to create arbitrary shares on arbitrary directories and exfiltrate sensitive files, passwords, users and device configurations was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. | 4.9 |
| 2023-05-08 | CVE-2023-22813 | Missing Authorization vulnerability in Westerndigital products A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. | 4.3 |
| 2020-12-12 | CVE-2020-29563 | Improper Authentication vulnerability in Westerndigital MY Cloud OS 5 An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. | 7.5 |
| 2020-12-01 | CVE-2020-28971 | Improper Authentication vulnerability in Westerndigital MY Cloud OS 5 An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. | 7.5 |
| 2020-12-01 | CVE-2020-28970 | Improper Authentication vulnerability in Westerndigital MY Cloud OS 5 An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. | 7.5 |
| 2020-12-01 | CVE-2020-28940 | Improper Authentication vulnerability in Westerndigital MY Cloud OS 5 On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device. | 7.5 |