Vulnerabilities > Westerndigital > MY Cloud OS > 5.26.119
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-01 | CVE-2023-22814 | Authentication Bypass by Spoofing vulnerability in Westerndigital MY Cloud OS An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: before 5.26.202. | 9.8 |
2023-06-30 | CVE-2023-22815 | Command Injection vulnerability in Westerndigital MY Cloud OS Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files. | 6.7 |
2023-06-30 | CVE-2023-22816 | Command Injection vulnerability in Westerndigital MY Cloud OS A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300. | 8.8 |
2023-05-10 | CVE-2022-29840 | Server-Side Request Forgery (SSRF) vulnerability in Westerndigital MY Cloud OS Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. | 5.5 |