Vulnerabilities > Westerndigital > MY Cloud OS > 5.05.111
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-28 | CVE-2022-22994 | Insufficient Verification of Data Authenticity vulnerability in Westerndigital MY Cloud OS A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an attacker could trick a NAS device into loading through an unsecured HTTP call. | 7.5 |
| 2022-01-13 | CVE-2022-22989 | Out-of-bounds Write vulnerability in Westerndigital MY Cloud OS My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the network. | 9.8 |
| 2022-01-13 | CVE-2022-22990 | Incorrect Comparison vulnerability in Westerndigital MY Cloud OS A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. | 8.8 |
| 2022-01-13 | CVE-2022-22991 | Command Injection vulnerability in Westerndigital MY Cloud OS A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. | 8.3 |