Vulnerabilities > Westerndigital

DATE CVE VULNERABILITY TITLE RISK

2022-03-30 CVE-2022-22996 Uncontrolled Search Path Element vulnerability in Westerndigital products
The G-RAID 4/8 Software Utility setups for Windows were affected by a DLL hijacking vulnerability.
Risk: 6.9

2022-03-25 CVE-2022-22995 Link Following vulnerability in multiple products
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files.
Attack vector: network | Complexity: low | Vendors: westerndigital, fedoraproject, netatalk | CWE-59 | Risk: 9.8 (critical)

2022-01-28 CVE-2022-22992 Improper Encoding or Escaping of Output vulnerability in Westerndigital MY Cloud OS
A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device.
Attack vector: network | Complexity: low | Vendor: westerndigital | CWE-116 | Risk: 9.8 (critical)

2022-01-28 CVE-2022-22993 Server-Side Request Forgery (SSRF) vulnerability in Westerndigital MY Cloud OS
A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls.
Complexity: low | Vendor: westerndigital | CWE-918 | Risk: 8.3

2022-01-28 CVE-2022-22994 Insufficient Verification of Data Authenticity vulnerability in Westerndigital MY Cloud OS
A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an attacker could trick a NAS device into loading through an unsecured HTTP call.
Attack vector: network | Complexity: low | Vendor: westerndigital | CWE-345 | Risk: 7.5

2022-01-13 CVE-2022-22988 Incorrect Permission Assignment for Critical Resource vulnerability in Westerndigital Edgerover 0.25
File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources.
Attack vector: network | Complexity: low | Vendor: westerndigital | CWE-732 | Risk: 9.1 (critical)

2022-01-13 CVE-2022-22989 Out-of-bounds Write vulnerability in Westerndigital MY Cloud OS
My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the network.
Attack vector: network | Complexity: low | Vendor: westerndigital | CWE-787 | Risk: 9.8 (critical)

2022-01-13 CVE-2022-22990 Incorrect Comparison vulnerability in Westerndigital MY Cloud OS
A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices.
Complexity: low | Vendor: westerndigital | CWE-697 | Risk: 8.8

2022-01-13 CVE-2022-22991 Command Injection vulnerability in Westerndigital MY Cloud OS
A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call.
Complexity: low | Vendor: westerndigital | CWE-77 | Risk: 8.3

2021-06-29 CVE-2021-35941 Missing Authentication for Critical Function vulnerability in Westerndigital products
Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory restore without authentication, as exploited in the wild in June 2021, a different vulnerability than CVE-2018-18472.
Attack vector: network | Complexity: low | Vendor: westerndigital | CWE-306 | Risk: 5.0