Vulnerabilities > Westerndigital > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-28 | CVE-2022-22992 | Improper Encoding or Escaping of Output vulnerability in Westerndigital MY Cloud OS A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. | 9.8 |
| 2022-01-28 | CVE-2022-22994 | Insufficient Verification of Data Authenticity vulnerability in Westerndigital MY Cloud OS A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an attacker could trick a NAS device into loading through an unsecured HTTP call. | 9.8 |
| 2022-01-13 | CVE-2022-22988 | Incorrect Permission Assignment for Critical Resource vulnerability in Westerndigital Edgerover 0.25 File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources. | 9.1 |
| 2022-01-13 | CVE-2022-22989 | Out-of-bounds Write vulnerability in Westerndigital MY Cloud OS My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the network. | 9.8 |
| 2020-12-12 | CVE-2020-29563 | Improper Authentication vulnerability in Westerndigital MY Cloud OS 5 An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. | 9.8 |
| 2020-12-01 | CVE-2020-28971 | Improper Authentication vulnerability in Westerndigital MY Cloud OS 5 An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. | 9.8 |
| 2020-12-01 | CVE-2020-28970 | Improper Authentication vulnerability in Westerndigital MY Cloud OS 5 An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. | 9.8 |
| 2020-12-01 | CVE-2020-28940 | Improper Authentication vulnerability in Westerndigital MY Cloud OS 5 On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device. | 9.8 |
| 2020-10-29 | CVE-2020-27744 | OS Command Injection vulnerability in Westerndigital MY Cloud Firmware An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. | 9.8 |
| 2020-10-27 | CVE-2020-27160 | Path Traversal vulnerability in Westerndigital MY Cloud Firmware Addressed remote code execution vulnerability in AvailableApps.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114 (issue 3 of 3). | 9.8 |