Westerndigital: Security Vulnerabilities
Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This issue affects My Cloud OS 5 devices before 5.26.202.
CVSS Score
5.1
EPSS Score
0.0
Published
2023-05-10
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that was caused by a command that read files from a privileged location and created a system command without sanitizing the read data. This command could be triggered by an attacker remotely to cause code execution and gain a reverse shell in Western Digital My Cloud OS 5 devices.This issue affects My Cloud OS 5: before 5.26.119.
CVSS Score
8.0
EPSS Score
0.003
Published
2023-05-10
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devicesThis issue affects My Cloud OS 5: before 5.26.119.
CVSS Score
9.8
EPSS Score
0.009
Published
2023-05-10
An improper privilege management issue that could allow an attacker to cause a denial of service over the OTA mechanism was discovered in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191.
CVSS Score
4.4
EPSS Score
0.001
Published
2023-05-10
A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. An attacker would require exploitation of another vulnerability to raise their privileges in order to exploit this buffer overflow vulnerability.
This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191.
CVSS Score
1.9
EPSS Score
0.002
Published
2023-05-10
A device API
endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a permissive CORS policy
and missing authentication requirement for private IPs, a remote attacker on
the same network as the device could obtain device information by convincing a
victim user to visit an attacker-controlled server and issue a cross-site
request.
This issue affects
My Cloud OS 5 Mobile App: before 4.21.0; My Cloud Home Mobile App: before 4.21.0; ibi Mobile App: before 4.21.0; My
Cloud OS 5 Web App: before 4.26.0-6126; My Cloud Home Web App: before 4.26.0-6126;
ibi Web App: before 4.26.0-6126.
CVSS Score
3.3
EPSS Score
0.001
Published
2023-05-08
SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data.
CVSS Score
7.4
EPSS Score
0.001
Published
2023-03-24
Western Digital My Cloud devices before OS5 have a nobody account with a blank password.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-02-06
Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-02-06
Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files.
CVSS Score
9.8
EPSS Score
0.0
Published
2023-02-06