Vulnerabilities > Westerndigital > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-15 | CVE-2023-22818 | Uncontrolled Search Path Element vulnerability in Westerndigital Sandisk Security Installer Multiple DLL Search Order Hijack vulnerabilities were addressed in the SanDisk Security Installer for Windows that could allow attackers with local access to execute arbitrary code by executing the installer in the same folder as the malicious DLL. This can lead to the execution of arbitrary code with the privileges of the vulnerable application or obtain a certain level of persistence on the compromised host. | 7.8 |
| 2023-06-30 | CVE-2023-22816 | Command Injection vulnerability in Westerndigital MY Cloud OS A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300. | 8.8 |
| 2023-06-12 | CVE-2022-36331 | Authentication Bypass by Spoofing vulnerability in Westerndigital products Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102. | 7.5 |
| 2023-05-10 | CVE-2022-36329 | Unspecified vulnerability in Westerndigital products An improper privilege management issue that could allow an attacker to cause a denial of service over the OTA mechanism was discovered in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191. | 7.5 |
| 2023-05-10 | CVE-2022-36330 | Classic Buffer Overflow vulnerability in Westerndigital products A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. | 8.1 |
| 2023-03-24 | CVE-2023-22812 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Westerndigital Sandisk Privateaccess SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data. | 7.4 |
| 2023-02-06 | CVE-2021-36225 | Missing Authorization vulnerability in Westerndigital MY Cloud OS Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation. | 8.8 |
| 2022-12-01 | CVE-2022-29837 | Path Traversal vulnerability in Westerndigital products A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. | 7.8 |
| 2022-07-12 | CVE-2022-22997 | OS Command Injection vulnerability in Westerndigital MY Cloud Home DUO Firmware and MY Cloud Home Firmware Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an attacker to execute unsigned code on My Cloud Home devices. | 7.5 |
| 2022-01-28 | CVE-2022-22993 | Server-Side Request Forgery (SSRF) vulnerability in Westerndigital MY Cloud OS A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls. | 8.3 |