Vulnerabilities > Westerndigital > MY Cloud Pr2100 Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-01-26 CVE-2022-29844 Path Traversal vulnerability in Westerndigital products
A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write arbitrary files.
network
low complexity
westerndigital CWE-22
critical
9.8
2023-01-26 CVE-2022-29843 OS Command Injection vulnerability in Westerndigital products
A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to execute code in the context of the root user.
network
low complexity
westerndigital CWE-78
critical
9.8
2022-03-25 CVE-2022-22995 Link Following vulnerability in multiple products
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files.
network
low complexity
westerndigital fedoraproject netatalk CWE-59
critical
9.8
2019-05-23 CVE-2019-9949 Link Following vulnerability in Westerndigital products
Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution (as root, starting from a low-privilege user session) vulnerability.
network
low complexity
westerndigital CWE-59
critical
9.0