Vulnerabilities > Westerndigital > MY Cloud Pr2100 Firmware > 5.25.132

DATE CVE VULNERABILITY TITLE RISK
2024-02-05 CVE-2023-22817 Server-Side Request Forgery (SSRF) vulnerability in Westerndigital products
Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter.
local
low complexity
westerndigital CWE-918
5.5
2023-01-26 CVE-2022-29843 OS Command Injection vulnerability in Westerndigital products
A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to execute code in the context of the root user.
network
low complexity
westerndigital CWE-78
critical
9.8
2023-01-26 CVE-2022-29844 Path Traversal vulnerability in Westerndigital products
A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write arbitrary files.
network
low complexity
westerndigital CWE-22
critical
9.8