Vulnerabilities (CVE)

Filtered by vendor Westerndigital Subscribe
Total 83 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-25765 1 Westerndigital 6 My Cloud Ex4100, My Cloud Expert Series Ex2, My Cloud Firmware and 3 more 2024-02-28 10.0 HIGH 9.8 CRITICAL
Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input.in Western Digital My Cloud Devices prior to 5.4.1140.
CVE-2020-28970 1 Westerndigital 6 My Cloud Ex2 Ultra, My Cloud Ex4100, My Cloud Mirror Gen 2 and 3 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie. (In addition, an upload endpoint could then be used by an authenticated administrator to upload executable PHP scripts.)
CVE-2020-28940 1 Westerndigital 6 My Cloud Ex2 Ultra, My Cloud Ex4100, My Cloud Mirror Gen 2 and 3 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device.
CVE-2020-29563 1 Westerndigital 6 My Cloud Ex2 Ultra, My Cloud Ex4100, My Cloud Mirror Gen 2 and 3 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to gain access to the device.
CVE-2020-13799 2 Linaro, Westerndigital 7 Op-tee, Inand Cl Em132, Inand Cl Em132 Firmware and 4 more 2024-02-28 4.6 MEDIUM 6.8 MEDIUM
Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. The RPMB protocol is specified by industry standards bodies and is implemented by storage devices from multiple vendors to assist host systems in securing trusted firmware. Several scenarios have been identified in which the RPMB state may be affected by an attacker without the knowledge of the trusted component that uses the RPMB feature.
CVE-2021-3310 1 Westerndigital 9 My Cloud Dl2100, My Cloud Dl4100, My Cloud Ex2100 and 6 more 2024-02-28 4.6 MEDIUM 7.8 HIGH
Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. This can lead to code execution and information disclosure (by reading local files).
CVE-2020-27158 1 Westerndigital 6 My Cloud Ex4100, My Cloud Expert Series Ex2, My Cloud Firmware and 3 more 2024-02-28 10.0 HIGH 9.8 CRITICAL
Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114.
CVE-2020-27159 1 Westerndigital 6 My Cloud Ex4100, My Cloud Expert Series Ex2, My Cloud Firmware and 3 more 2024-02-28 10.0 HIGH 9.8 CRITICAL
Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114
CVE-2020-28971 1 Westerndigital 6 My Cloud Ex2 Ultra, My Cloud Ex4100, My Cloud Mirror Gen 2 and 3 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie, because of insufficient validation of URI paths.
CVE-2020-27744 1 Westerndigital 6 My Cloud Ex2 Ultra, My Cloud Ex4100, My Cloud Firmware and 3 more 2024-02-28 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. They allow remote code execution with resultant escalation of privileges.
CVE-2021-28653 1 Westerndigital 1 Armorlock 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware.
CVE-2020-29654 1 Westerndigital 1 Dashboard 2024-02-28 6.9 MEDIUM 7.8 HIGH
Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking that leads to compromise of the SYSTEM account.
CVE-2020-10951 1 Westerndigital 2 Ibi, My Cloud Home 2024-02-28 4.3 MEDIUM 4.7 MEDIUM
Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages.
CVE-2020-15816 1 Westerndigital 1 Wd Discovery 2024-02-28 6.5 MEDIUM 8.8 HIGH
In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables.
CVE-2020-12427 3 Apple, Microsoft, Westerndigital 3 Macos, Windows, Wd Discovery 2024-02-28 6.8 MEDIUM 8.8 HIGH
The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space.
CVE-2019-13466 2 Sandisk, Westerndigital 2 Ssd Dashboard, Ssd Dashboard 2024-02-28 5.0 MEDIUM 7.5 HIGH
Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 have Incorrect Access Control. The “generate reports” archive is protected with a hard-coded password. An application update that addresses the protection of archive encryption is available.
CVE-2019-11686 1 Westerndigital 118 Sandisk X300 Sd7sb6s-128g, Sandisk X300 Sd7sb6s-128g Firmware, Sandisk X300 Sd7sb6s-256g and 115 more 2024-02-28 2.1 LOW 5.5 MEDIUM
Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnerability in the wear-leveling algorithm of the drive may cause cryptographically sensitive parameters (such as data encryption keys) to remain on the drive media after their intended erasure.
CVE-2019-10706 1 Westerndigital 118 Sandisk X300 Sd7sb6s-128g, Sandisk X300 Sd7sb6s-128g Firmware, Sandisk X300 Sd7sb6s-256g and 115 more 2024-02-28 6.3 MEDIUM 6.3 MEDIUM
Western Digital SanDisk SanDisk X300, X300s, X400, and X600 devices: The firmware update authentication method relies on a symmetric HMAC digest. The key used to validate this digest is present in a protected area of the device, and if extracted could be used to install arbitrary firmware to other devices.
CVE-2019-10705 1 Westerndigital 40 Sandisk X600 Sd9sb8w-128g, Sandisk X600 Sd9sb8w-128g Firmware, Sandisk X600 Sd9sb8w-1t00 and 37 more 2024-02-28 4.3 MEDIUM 7.5 HIGH
Western Digital SanDisk X600 devices in certain configurations, a vulnerability in the access control mechanism of the drive may allow data to be decrypted without knowledge of proper authentication credentials.
CVE-2020-8960 1 Westerndigital 1 Mycloud.com 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS.