CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2014-5876
https://notcve.org/view.php?id=CVE-2014-5876
11 Sep 2014 — The WD My Cloud (aka com.wdc.wd2go) application 4.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación WD My Cloud (también conocido como com.wdc.wd2go) 4.0.0 para Android no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores y obtener información sensible a través de un certificado manipulad... • http://www.kb.cert.org/vuls/id/582497 • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 6%CPEs: 1EXPL: 3CVE-2014-2846 – WD Arkeia Virtual Appliance 10.2.9 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2014-2846
23 Apr 2014 — Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin. Vulnerabilidad de salto de directorio en opt/arkeia/wui/htdocs/index.php en WD Arkeia Virtual Appliance (AVA) con firmware anterior a 10.2.9 permite a atacantes remotos leer a... • https://packetstorm.news/files/id/126286 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 8%CPEs: 3EXPL: 2CVE-2013-5006 – Western Digital My Net Wireless Routers - Password Disclosure
https://notcve.org/view.php?id=CVE-2013-5006
31 Jul 2013 — main_internet.php on the Western Digital My Net N600 and N750 with firmware 1.03.12 and 1.04.16, and the N900 and N900C with firmware 1.05.12, 1.06.18, and 1.06.28, allows remote attackers to discover the cleartext administrative password by reading the "var pass=" line within the HTML source code. main_internet.php sobre Western Digital My Net N600 y N750 con firmware 1.03.12 y 1.04.16,y el N900 y N900C con firmware 1.05.12, 1.06.18, y 1.06.28, permite a atacantes remotos descubrir la contraseña de adminis... • https://packetstorm.news/files/id/122640 • CWE-255: Credentials Management Errors •