Vulnerabilities > Westerndigital > MY Cloud OS > 5.02.104
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-28 | CVE-2022-22994 | Insufficient Verification of Data Authenticity vulnerability in Westerndigital MY Cloud OS A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an attacker could trick a NAS device into loading through an unsecured HTTP call. | 9.8 |
| 2022-01-13 | CVE-2022-22989 | Out-of-bounds Write vulnerability in Westerndigital MY Cloud OS My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the network. | 9.8 |
| 2022-01-13 | CVE-2022-22990 | Incorrect Comparison vulnerability in Westerndigital MY Cloud OS A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. | 8.8 |
| 2022-01-13 | CVE-2022-22991 | Command Injection vulnerability in Westerndigital MY Cloud OS A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. | 8.8 |
| 2021-03-10 | CVE-2021-3310 | Link Following vulnerability in Westerndigital MY Cloud OS Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. | 7.8 |