Vulnerabilities > Westerndigital > MY Cloud OS > 5.26.119

DATE CVE VULNERABILITY TITLE RISK
2023-07-01 CVE-2023-22814 Authentication Bypass by Spoofing vulnerability in Westerndigital MY Cloud OS
An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: before 5.26.202.
network
low complexity
westerndigital CWE-290
critical
9.8
2023-06-30 CVE-2023-22815 Command Injection vulnerability in Westerndigital MY Cloud OS
Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files.
network
low complexity
westerndigital CWE-77
6.7
2023-06-30 CVE-2023-22816 Command Injection vulnerability in Westerndigital MY Cloud OS
A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300.
network
low complexity
westerndigital CWE-77
8.8
2023-05-10 CVE-2022-29840 Server-Side Request Forgery (SSRF) vulnerability in Westerndigital MY Cloud OS
Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices.
local
low complexity
westerndigital CWE-918
5.5