Vulnerability Details CVE-2020-25765
Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input.in Western Digital My Cloud Devices prior to 5.4.1140.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.083
EPSS Ranking 91.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- https://www.comparitech.com/blog/information-security/security-vulnerabilities-80000-devices-update-now/
- https://www.westerndigital.com/support/productsecurity
- https://www.westerndigital.com/support/productsecurity/wdc-20007-my-cloud-firmware-version-5-04-114
- https://www.comparitech.com/blog/information-security/security-vulnerabilities-80000-devices-update-now/
- https://www.westerndigital.com/support/productsecurity
- https://www.westerndigital.com/support/productsecurity/wdc-20007-my-cloud-firmware-version-5-04-114
Products affected by CVE-2020-25765
-
cpe:2.3:h:westerndigital:my_cloud_ex4100:-
-
cpe:2.3:h:westerndigital:my_cloud_expert_series_ex2:-
-
cpe:2.3:h:westerndigital:my_cloud_mirror_-_gen_2:-
-
cpe:2.3:h:westerndigital:my_cloud_pr2100:-
-
cpe:2.3:h:westerndigital:my_cloud_pr4100:-
-
cpe:2.3:o:westerndigital:my_cloud_firmware:-
-
cpe:2.3:o:westerndigital:my_cloud_firmware:04.05.00-320
-
cpe:2.3:o:westerndigital:my_cloud_firmware:2.31.149
-
cpe:2.3:o:westerndigital:my_cloud_firmware:2.31.163
-
cpe:2.3:o:westerndigital:my_cloud_firmware:2.31.174
-
cpe:2.3:o:westerndigital:my_cloud_firmware:2.31.183