CVE-2021-36226
https://notcve.org/view.php?id=CVE-2021-36226
Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files. • https://github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Tokyo_2020/weekend_destroyer/weekend_destroyer.md https://krebsonsecurity.com/2021/07/another-0-day-looms-for-many-western-digital-users https://www.youtube.com/watch?v=vsg9YgvGBec • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2021-36224
https://notcve.org/view.php?id=CVE-2021-36224
Western Digital My Cloud devices before OS5 have a nobody account with a blank password. • https://github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Tokyo_2020/weekend_destroyer/weekend_destroyer.md https://krebsonsecurity.com/2021/07/another-0-day-looms-for-many-western-digital-users https://www.youtube.com/watch?v=vsg9YgvGBec • CWE-798: Use of Hard-coded Credentials •
CVE-2021-36225
https://notcve.org/view.php?id=CVE-2021-36225
Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation. • https://github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Tokyo_2020/weekend_destroyer/weekend_destroyer.md https://krebsonsecurity.com/2021/07/another-0-day-looms-for-many-western-digital-users https://www.youtube.com/watch?v=vsg9YgvGBec • CWE-862: Missing Authorization •
CVE-2022-29844 – Western Digital My Cloud OS 5 arbitrary file read and write vulnerability via ftp
https://notcve.org/view.php?id=CVE-2022-29844
A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write arbitrary files. This could lead to a full NAS compromise and would give remote execution capabilities to the attacker. Una vulnerabilidad en el servicio FTP de los dispositivos Western Digital My Cloud OS 5 que ejecutan versiones de firmware anteriores a la 5.26.119 permite a un atacante leer y escribir archivos arbitrarios. Esto podría provocar un compromiso total del NAS y proporcionaría capacidades de ejecución remota al atacante. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100 NAS devices. • https://www.westerndigital.com/en-in/support/product-security/wdc-23002-my-cloud-firmware-version-5-26-119 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVE-2022-29843 – Western Digital My Cloud OS 5 devices Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2022-29843
A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to execute code in the context of the root user. Una vulnerabilidad de inyección de comandos en la configuración del servicio DDNS de dispositivos Western Digital My Cloud OS 5 que ejecutan versiones de firmware anteriores a la 5.26.119 permite a un atacante ejecutar código en el contexto del usuario root. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DDNS responses. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. • https://www.westerndigital.com/en-in/support/product-security/wdc-23002-my-cloud-firmware-version-5-26-119 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •