Vulnerabilities > Westerndigital > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-02-05 CVE-2023-22817 Server-Side Request Forgery (SSRF) vulnerability in Westerndigital products
Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter.
local
low complexity
westerndigital CWE-918
5.5
2024-02-05 CVE-2023-22819 Resource Exhaustion vulnerability in Westerndigital products
An uncontrolled resource consumption vulnerability, which could be triggered by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted, was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices.
network
low complexity
westerndigital CWE-400
4.9
2023-06-30 CVE-2023-22815 Command Injection vulnerability in Westerndigital MY Cloud OS
Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files.
network
low complexity
westerndigital CWE-77
6.7
2023-05-18 CVE-2022-36326 Resource Exhaustion vulnerability in Westerndigital products
An uncontrolled resource consumption vulnerability, which could be triggered by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted, was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices.
network
low complexity
westerndigital CWE-400
4.9
2023-05-18 CVE-2022-36328 Path Traversal vulnerability in Westerndigital products
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to create arbitrary shares on arbitrary directories and exfiltrate sensitive files, passwords, users and device configurations was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices.
network
low complexity
westerndigital CWE-22
4.9
2023-05-10 CVE-2022-29840 Server-Side Request Forgery (SSRF) vulnerability in Westerndigital MY Cloud OS
Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices.
local
low complexity
westerndigital CWE-918
5.5
2023-05-08 CVE-2023-22813 Missing Authorization vulnerability in Westerndigital products
A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Android Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App.
network
low complexity
westerndigital CWE-862
4.3
2022-12-09 CVE-2022-29838 Improper Authentication vulnerability in Westerndigital MY Cloud OS
Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset.
low complexity
westerndigital CWE-287
4.6
2022-12-09 CVE-2022-29839 Insufficiently Protected Credentials vulnerability in Westerndigital MY Cloud OS
Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices that could allow an attacker who has gained access to a relevant endpoint to use that information to access protected data.
local
low complexity
westerndigital CWE-522
5.5
2022-11-09 CVE-2022-29836 Path Traversal vulnerability in Westerndigital products
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file system.
network
low complexity
westerndigital CWE-22
4.3