CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-28970

An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie. (In addition, an upload endpoint could then be used by an authenticated administrator to upload executable PHP scripts.)

Exploit prediction scoring system (EPSS) score

EPSS Score 0.036

EPSS Ranking 87.3%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

Products affected by CVE-2020-28970

Westerndigital » My Cloud Ex2 Ultra » Version: N/A

cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-
Westerndigital » My Cloud Ex4100 » Version: N/A

cpe:2.3:h:westerndigital:my_cloud_ex4100:-
Westerndigital » My Cloud Mirror Gen 2 » Version: N/A

cpe:2.3:h:westerndigital:my_cloud_mirror_gen_2:-
Westerndigital » My Cloud Pr2100 » Version: N/A

cpe:2.3:h:westerndigital:my_cloud_pr2100:-
Westerndigital » My Cloud Pr4100 » Version: N/A

cpe:2.3:h:westerndigital:my_cloud_pr4100:-
Westerndigital » My Cloud Os 5 » Version: 5.02.104

cpe:2.3:o:westerndigital:my_cloud_os_5:5.02.104
Westerndigital » My Cloud Os 5 » Version: 5.03.103

cpe:2.3:o:westerndigital:my_cloud_os_5:5.03.103
Westerndigital » My Cloud Os 5 » Version: 5.04.114

cpe:2.3:o:westerndigital:my_cloud_os_5:5.04.114
Westerndigital » My Cloud Os 5 » Version: 5.05.111

cpe:2.3:o:westerndigital:my_cloud_os_5:5.05.111

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-28970

Products

Pricing

Contact Us