Vulnerabilities > Westerndigital

DATE CVE VULNERABILITY TITLE RISK
2018-06-12 CVE-2018-1151 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Westerndigital TV Live HUB Firmware and TV Media Player Firmware
The web server on Western Digital TV Media Player 1.03.07 and TV Live Hub 3.12.13 allows unauthenticated remote attackers to execute arbitrary code or cause denial of service via crafted HTTP requests to toServerValue.cgi.
Risk: network, low complexity, westerndigital CWE-119, critical, 10.0

2018-03-30 CVE-2018-9148 Improper Authentication vulnerability in Westerndigital MY Cloud Firmware 04.05.00320
Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for attackers to bypass authentication by listing a directory.
Risk: network, low complexity, westerndigital CWE-287, 5.0

2017-12-12 CVE-2017-17560 Improper Authentication vulnerability in Westerndigital MY Cloud Pr4100 Firmware 2.30.172
An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices.
Risk: network, low complexity, westerndigital CWE-287, critical, 10.0

2014-09-11 CVE-2014-5876 Cryptographic Issues vulnerability in Westerndigital WD MY Cloud 4.0.0
The WD My Cloud (aka com.wdc.wd2go) application 4.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Risk: 5.4

2014-04-28 CVE-2014-2846 Path Traversal vulnerability in Westerndigital Arkeia Virtual Appliance Firmware 10.2.7
Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin.
Risk: network, low complexity, westerndigital CWE-22, 7.5

2013-07-31 CVE-2013-5006 Credentials Management vulnerability in Westerndigital MY NET N750, MY NET N900 and MY NET N900C
main_internet.php on the Western Digital My Net N600 and N750 with firmware 1.03.12 and 1.04.16, and the N900 and N900C with firmware 1.05.12, 1.06.18, and 1.06.28, allows remote attackers to discover the cleartext administrative password by reading the "var pass=" line within the HTML source code.
Risk: 4.3