Vulnerabilities > Westerndigital

DATE CVE VULNERABILITY TITLE RISK
2022-07-29 CVE-2022-23003 Incorrect Calculation vulnerability in Westerndigital Sweet B 1
When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid.
network
low complexity
westerndigital CWE-682
5.3
2022-07-29 CVE-2022-23004 Incorrect Calculation vulnerability in Westerndigital Sweet B 1
When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value is written to the output buffer.
network
low complexity
westerndigital CWE-682
5.3
2022-07-25 CVE-2022-22999 Cross-site Scripting vulnerability in Westerndigital products
Western Digital My Cloud devices are vulnerable to a cross-site scripting vulnerability that can allow a malicious user with elevated privileges access to drives being backed up to construct and inject JavaScript payloads into an authenticated user's browser.
network
low complexity
westerndigital CWE-79
4.8
2022-07-25 CVE-2022-23000 Unspecified vulnerability in Westerndigital products
The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules.
local
low complexity
westerndigital
7.8
2022-07-12 CVE-2022-22997 OS Command Injection vulnerability in Westerndigital MY Cloud Home DUO Firmware and MY Cloud Home Firmware
Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an attacker to execute unsigned code on My Cloud Home devices.
network
low complexity
westerndigital CWE-78
critical
9.8
2022-07-12 CVE-2022-22998 Insufficiently Protected Credentials vulnerability in Westerndigital MY Cloud Home DUO Firmware and MY Cloud Home Firmware
Implemented protections on AWS credentials that were not properly protected.
network
low complexity
westerndigital CWE-522
7.5
2022-03-30 CVE-2022-22996 Uncontrolled Search Path Element vulnerability in Westerndigital products
The G-RAID 4/8 Software Utility setups for Windows were affected by a DLL hijacking vulnerability.
local
low complexity
westerndigital CWE-427
7.8
2022-03-25 CVE-2022-22995 Link Following vulnerability in multiple products
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files.
network
low complexity
westerndigital fedoraproject netatalk CWE-59
critical
9.8
2022-01-28 CVE-2022-22992 Improper Encoding or Escaping of Output vulnerability in Westerndigital MY Cloud OS
A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device.
network
low complexity
westerndigital CWE-116
critical
9.8
2022-01-28 CVE-2022-22993 Server-Side Request Forgery (SSRF) vulnerability in Westerndigital MY Cloud OS
A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls.
low complexity
westerndigital CWE-918
8.8