CVSS: 7.3EPSS: 0%CPEs: 11EXPL: 0CVE-2022-29840 – Server Side Request Forgery Vulnerability in Western Digital My Cloud Devices
https://notcve.org/view.php?id=CVE-2022-29840
10 May 2023 — Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This issue affects My Cloud OS 5 devices before 5.26.202. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100 NAS devices. Authentica... • https://www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 0CVE-2022-29841 – OS Command Injection vulnerability in Western Digital My Cloud devices
https://notcve.org/view.php?id=CVE-2022-29841
10 May 2023 — Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that was caused by a command that read files from a privileged location and created a system command without sanitizing the read data. This command could be triggered by an attacker remotely to cause code execution and gain a reverse shell in Western Digital My Cloud OS 5 devices.This issue affects My Cloud OS 5: before 5.26.119. This vulnerability allows remote attackers to execute arbitrary code on aff... • https://www.westerndigital.com/support/product-security/wdc-23002-my-cloud-firmware-version-5-26-119 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 0CVE-2022-29842 – Command Injection Vulnerability in Western Digital My Cloud devices
https://notcve.org/view.php?id=CVE-2022-29842
10 May 2023 — Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devicesThis issue affects My Cloud OS 5: before 5.26.119. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100 NAS devices. Authentication is not required to exploit this vulnera... • https://www.westerndigital.com/support/product-security/wdc-23002-my-cloud-firmware-version-5-26-119 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-36329 – Denial of Service over OTA mechanism in Western Digital My Cloud Home and ibi devices
https://notcve.org/view.php?id=CVE-2022-36329
10 May 2023 — An improper privilege management issue that could allow an attacker to cause a denial of service over the OTA mechanism was discovered in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191. • https://www.westerndigital.com/support/product-security/wdc-23003-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-9-4-0-191 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-36330 – Buffer Overflow Vulnerability in Western Digital My Cloud Home and ibi devices
https://notcve.org/view.php?id=CVE-2022-36330
09 May 2023 — A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. An attacker would require exploitation of another vulnerability to raise their privileges in order to exploit this buffer overflow vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191. A buffer overflow vulnerability was discovered on firm... • https://www.westerndigital.com/support/product-security/wdc-23003-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-9-4-0-191 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0CVE-2023-22813 – Device API endpoint missing access controls on Western Digital Mobile and Web Apps
https://notcve.org/view.php?id=CVE-2023-22813
08 May 2023 — A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a permissive CORS policy and missing authentication requirement for private IPs, a remote attacker on the same network as the device could obtain device information by convincing a victim user to visit an attacker-controlled server and ... • https://www.westerndigital.com/support/product-security/wdc-23004-western-digital-my-cloud-os-5-my-cloud-home-sandisk-ibi-and-wd-cloud-mobile-and-web-app-update • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22812 – SanDisk PrivateAccess Deprecated TLS protocol versions supported
https://notcve.org/view.php?id=CVE-2023-22812
24 Mar 2023 — SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data. • https://www.westerndigital.com/support/product-security/wdc-23005-sandisk-privateaccess-software-update • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 3CVE-2021-36224
https://notcve.org/view.php?id=CVE-2021-36224
06 Feb 2023 — Western Digital My Cloud devices before OS5 have a nobody account with a blank password. • https://github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Tokyo_2020/weekend_destroyer/weekend_destroyer.md • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 3CVE-2021-36225
https://notcve.org/view.php?id=CVE-2021-36225
06 Feb 2023 — Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation. • https://github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Tokyo_2020/weekend_destroyer/weekend_destroyer.md • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 3CVE-2021-36226
https://notcve.org/view.php?id=CVE-2021-36226
06 Feb 2023 — Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files. • https://github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Tokyo_2020/weekend_destroyer/weekend_destroyer.md • CWE-347: Improper Verification of Cryptographic Signature •