Vulnerabilities > Westerndigital
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-27 | CVE-2020-27160 | Path Traversal vulnerability in Westerndigital MY Cloud Firmware Addressed remote code execution vulnerability in AvailableApps.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114 (issue 3 of 3). | 7.5 |
| 2020-10-27 | CVE-2020-27159 | OS Command Injection vulnerability in Westerndigital MY Cloud Firmware Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114 | 10.0 |
| 2020-10-27 | CVE-2020-27158 | OS Command Injection vulnerability in Westerndigital MY Cloud Firmware Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114. | 10.0 |
| 2020-10-27 | CVE-2020-25765 | OS Command Injection vulnerability in Westerndigital MY Cloud Firmware Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input.in Western Digital My Cloud Devices prior to 5.4.1140. | 10.0 |
| 2020-10-27 | CVE-2020-12830 | Out-of-bounds Write vulnerability in Westerndigital MY Cloud Firmware 04.05.00320 Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through unauthorized remote code execution in Western Digital My Cloud devices before 5.04.114. | 7.5 |
| 2020-07-17 | CVE-2020-15816 | Injection vulnerability in Westerndigital WD Discovery In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables. | 6.5 |
| 2020-05-13 | CVE-2020-12427 | Cross-Site Request Forgery (CSRF) vulnerability in Westerndigital WD Discovery 2.12.127 The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space. | 6.8 |
| 2020-04-15 | CVE-2020-10951 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Westerndigital IBI and MY Cloud Home Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages. | 4.7 |
| 2020-03-10 | CVE-2019-10705 | Insufficiently Protected Credentials vulnerability in Westerndigital products Western Digital SanDisk X600 devices in certain configurations, a vulnerability in the access control mechanism of the drive may allow data to be decrypted without knowledge of proper authentication credentials. | 4.3 |
| 2020-03-10 | CVE-2019-11686 | Insufficiently Protected Credentials vulnerability in Westerndigital products Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnerability in the wear-leveling algorithm of the drive may cause cryptographically sensitive parameters (such as data encryption keys) to remain on the drive media after their intended erasure. | 2.1 |