Page 4 of 18 results (0.004 seconds)

CVSS: 4.6EPSS: 0%CPEs: 11EXPL: 0

Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux. La vulnerabilidad de autenticación inadecuada en los volúmenes cifrados y las funciones de montaje automático de los dispositivos Western Digital My Cloud permite un acceso directo inseguro a la información de la unidad en el caso de un reinicio del dispositivo. Este problema afecta: Versiones de Western Digital My Cloud My Cloud anteriores a la 5.25.124 en Linux. • https://www.westerndigital.com/support/product-security/wdc-22019-my-cloud-firmware-version-5-25-124 • CWE-287: Improper Authentication •

CVSS: 8.2EPSS: 0%CPEs: 16EXPL: 0

Western Digital My Cloud devices are vulnerable to a cross side scripting vulnerability that can allow a malicious user with elevated privileges access to drives being backed up to construct and inject JavaScript payloads into an authenticated user's browser. As a result, it may be possible to gain control over the authenticated session, steal data, modify settings, or redirect the user to malicious websites. The scope of impact can extend to other components. Los dispositivos My Cloud de Western Digital son susceptibles a una vulnerabilidad de tipo cross side scripting que puede permitir a un usuario malicioso con altos privilegios acceder a las unidades de las que está haciéndose una copia de seguridad para construir e inyectar cargas útiles de JavaScript en el navegador de un usuario autenticado. Como resultado, puede ser posible conseguir el control de la sesión autenticada, robar datos, modificar la configuración o redirigir al usuario a sitios web maliciosos. • https://www.westerndigital.com/support/product-security/wdc-22011-my-cloud-firmware-version-5-23-114 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0

The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. By using an "SSL" context instead of "TLS" or specifying stronger validation, deprecated or insecure protocols are permitted. As a result, a local user with no privileges can exploit this vulnerability and jeopardize the integrity, confidentiality and authenticity of information transmitted. The scope of impact cannot extend to other components and no user input is required to exploit this vulnerability. • https://www.westerndigital.com/support/product-security/wdc-22011-my-cloud-firmware-version-5-23-114 • CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •