NotCVE - vendor:"Westerndigital"

Page 6 of 83 results (0.008 seconds)

CVSS: 9.8EPSS: 5%CPEs: 6EXPL: 0

CVE-2020-29563 – Western Digital MyCloud PR4100 nasAdmin Incorrect Authorization Authentication Bypass Vulnerability

https://notcve.org/view.php?id=CVE-2020-29563

11 Dec 2020 — An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to gain access to the device. Se detectó un problema en dispositivos Western Digital My Cloud OS versión 5 anteriores a 5.07.118. Una vulnerabilidad de omisión de autenticación de administrador del NAS podría permitir a un usuario no autenticado conseguir acceso al dispositivo This vulnerability allows remote attackers to bypass authentica... • https://www.westerndigital.com/support/productsecurity/wdc-20010-my-cloud-os5-firmware-5-07-118 • CWE-287: Improper Authentication •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-29654

https://notcve.org/view.php?id=CVE-2020-29654

11 Dec 2020 — Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking that leads to compromise of the SYSTEM account. Western Digital Dashboard versiones anteriores a 3.2.2.9, permite el secuestro de una DLL que lleva a comprometer la cuenta SYSTEM • https://www.westerndigital.com/support/productsecurity/wdc-20011-western-digital-dashboard-privilege-escalation • CWE-427: Uncontrolled Search Path Element •

CVSS: 9.8EPSS: 3%CPEs: 6EXPL: 0

CVE-2020-28970 – Western Digital MyCloud PR4100 nasAdmin Incorrect Authorization Authentication Bypass Vulnerability

https://notcve.org/view.php?id=CVE-2020-28970

01 Dec 2020 — An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie. (In addition, an upload endpoint could then be used by an authenticated administrator to upload executable PHP scripts.) Se detectó un problema en los dispositivos Western Digital My Cloud OS versiones 5 anteriores a 5.06.115. Una vulnerabilidad de omisión de autenticación de admin... • https://support.wdc.com/downloads.aspx?g=907&lang=en#downloads • CWE-287: Improper Authentication •

CVSS: 9.8EPSS: 3%CPEs: 6EXPL: 0

CVE-2020-28940 – Western Digital MyCloud PR4100 nasAdmin Authentication Bypass Vulnerability

https://notcve.org/view.php?id=CVE-2020-28940

01 Dec 2020 — On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device. En los dispositivos Western Digital My Cloud OS 5 versiones anteriores a 5.06.115, el panel de administración de NAS presenta una vulnerabilidad de omisión de autenticación que podría permitir a un usuario no autenticado ejecutar comandos privilegiados en el dispositivo This vulnerability allows net... • https://support.wdc.com/downloads.aspx?g=907&lang=en#downloads • CWE-287: Improper Authentication •

CVSS: 9.8EPSS: 3%CPEs: 6EXPL: 0

CVE-2020-28971 – Western Digital MyCloud PR4100 nasAdmin Authentication Bypass Vulnerability

https://notcve.org/view.php?id=CVE-2020-28971

01 Dec 2020 — An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie, because of insufficient validation of URI paths. Se detectó un problema en los dispositivos Western Digital My Cloud OS versiones 5 anteriores a 5.06.115. Una vulnerabilidad de omisión de autenticación de administrador de NAS podría permitir a un usuario no autenticado ejecutar com... • https://support.wdc.com/downloads.aspx?g=907&lang=en#downloads • CWE-287: Improper Authentication •

CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2020-13799

https://notcve.org/view.php?id=CVE-2020-13799

18 Nov 2020 — Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. The RPMB protocol is specified by industry standards bodies and is implemented by storage devices from multiple vendors to assist host systems in securing trusted firmware. Several scenarios have been identified in which the RPMB state may be affected by an attacker without the knowledge o... • https://www.kb.cert.org/vuls/id/231329 • CWE-294: Authentication Bypass by Capture-replay •

CVSS: 10.0EPSS: 10%CPEs: 6EXPL: 1

CVE-2020-27744

https://notcve.org/view.php?id=CVE-2020-27744

29 Oct 2020 — An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. They allow remote code execution with resultant escalation of privileges. Se detectó un problema en los dispositivos NAS de Western Digital My Cloud versiones anteriores a 5.04.114. Permiten una ejecución de código remota con una escalada de privilegios resultante • https://www.comparitech.com/blog/information-security/security-vulnerabilities-80000-devices-update-now • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 10.0EPSS: 8%CPEs: 6EXPL: 1

CVE-2020-25765

https://notcve.org/view.php?id=CVE-2020-25765

27 Oct 2020 — Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input.in Western Digital My Cloud Devices prior to 5.4.1140. Se abordó una vulnerabilidad de ejecución de código remota en el archivo reg_device.php debido a una comprobación insuficiente de entrada del usuario en los dispositivos Western Digital My Cloud versiones anteriores a 5.4.1140 • https://www.comparitech.com/blog/information-security/security-vulnerabilities-80000-devices-update-now • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 10.0EPSS: 8%CPEs: 6EXPL: 1

CVE-2020-27159

https://notcve.org/view.php?id=CVE-2020-27159

27 Oct 2020 — Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114 Se abordó una vulnerabilidad de ejecución de código remota en el archivo DsdkProxy.php, debido a un saneamiento insuficiente y una comprobación insuficiente de entrada del usuario en los dispositivos NAS Western Digital My Cloud versiones anteriores a 5.04.114 • https://www.comparitech.com/blog/information-security/security-vulnerabilities-80000-devices-update-now • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 10.0EPSS: 10%CPEs: 6EXPL: 1

CVE-2020-27158

https://notcve.org/view.php?id=CVE-2020-27158

27 Oct 2020 — Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114. Se abordó una vulnerabilidad de ejecución de código remota en el archivo cgi_api.php, que permitía una escalada de privilegios en dispositivos NAS de Western Digital My Cloud versiones anteriores a 5.04.114 • https://www.comparitech.com/blog/information-security/security-vulnerabilities-80000-devices-update-now • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

1...4 5 6 7 8