MidnightBSD

Advisories for westerndigital

CVE-2013-5006 MEDIUM

main_internet.php on the Western Digital My Net N600 and N750 with firmware 1.03.12 and 1.04.16, and the N900 and N900C with firmware 1.05.12, 1.06.18, and 1.06.28, allows remote attackers to discover the cleartext administrative password by reading the "var pass=" line within the HTML source code.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,

Products Affected

Vendor Product Version
westerndigital my_net_n900 -
westerndigital my_net_n750 -
westerndigital my_net_n900c -
CVE-2014-2846 HIGH

Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
westerndigital arkeia_virtual_appliance_firmware *
CVE-2014-5876 MEDIUM

The WD My Cloud (aka com.wdc.wd2go) application 4.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
westerndigital wd_my_cloud 4.0.0
CVE-2017-17560 HIGH

An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
westerndigital my_cloud_pr4100_firmware 2.30.172
CVE-2018-1151 HIGH

The web server on Western Digital TV Media Player 1.03.07 and TV Live Hub 3.12.13 allow unauthenticated remote attackers to execute arbitrary code or cause denial of service via crafted HTTP requests to toServerValue.cgi.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
westerndigital tv_live_hub_firmware 3.12.13
westerndigital tv_media_player_firmware 1.03.07
CVE-2018-18472 HIGH

Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device, as exploited in the wild in June 2021 for factory reset commands,

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
westerndigital my_book_live_firmware *
CVE-2018-7928 LOW

There is a security vulnerability which could lead to Factory Reset Protection (FRP) bypass in the MyCloud APP with the versions before 8.1.2.303 installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old account with a new one through special steps by exploit this vulnerability. As a result, the FRP function is bypassed.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
westerndigital my_cloud *
CVE-2018-9148 MEDIUM

Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for attackers to bypass authentication by listing a directory. NOTE: this can be exploited in conjunction with CVE-2018-7171 for remote authentication bypass within a product that uses My Cloud.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
westerndigital my_cloud_firmware 04.05.00-320
CVE-2019-10705 MEDIUM

Western Digital SanDisk X600 devices in certain configurations, a vulnerability in the access control mechanism of the drive may allow data to be decrypted without knowledge of proper authentication credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
westerndigital sandisk_x600_sd9tb8w-1t00_firmware *
westerndigital sandisk_x600_sd9sn8w-128g_firmware *
westerndigital sandisk_x600_sd9sn8w-256g_firmware *
westerndigital sandisk_x600_sd9sb8w-1t00_firmware *
westerndigital sandisk_x600_sd9tb8w-2t00_firmware *
westerndigital sandisk_x600_sd9tn8w-512g_firmware *
westerndigital sandisk_x600_sd9tn8w-128g_firmware *
westerndigital sandisk_x600_sd9tn8w-2t00_firmware *
westerndigital sandisk_x600_sd9sn8w-1t00_firmware *
westerndigital sandisk_x600_sd9sb8w-512g_firmware *
westerndigital sandisk_x600_sd9sb8w-2t00_firmware *
westerndigital sandisk_x600_sd9sb8w-256g_firmware *
westerndigital sandisk_x600_sd9sn8w-512g_firmware *
westerndigital sandisk_x600_sd9sn8w-2t00_firmware *
westerndigital sandisk_x600_sd9tb8w-512g_firmware *
westerndigital sandisk_x600_sd9sb8w-128g_firmware *
westerndigital sandisk_x600_sd9tb8w-128g_firmware *
westerndigital sandisk_x600_sd9tb8w-256g_firmware *
westerndigital sandisk_x600_sd9tn8w-256g_firmware *
westerndigital sandisk_x600_sd9tn8w-1t00_firmware *
CVE-2019-10706 MEDIUM

Western Digital SanDisk SanDisk X300, X300s, X400, and X600 devices: The firmware update authentication method relies on a symmetric HMAC digest. The key used to validate this digest is present in a protected area of the device, and if extracted could be used to install arbitrary firmware to other devices.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H 1.0 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
westerndigital sandisk_x300s_sd7un3q-256g_firmware -
westerndigital sandisk_x300_sd7sb6s-256g_firmware -
westerndigital sandisk_x600_sd9tb8w-1t00_firmware *
westerndigital sandisk_x400_sd8tb8u-128g-1122_firmware -
westerndigital sandisk_x600_sd9tn8w-512g_firmware *
westerndigital sandisk_x300_sd7sf6s-256g_firmware -
westerndigital sandisk_x300_sd7sb7s-010t_firmware -
westerndigital sandisk_x400_sd8sb8u-256g_firmware -
westerndigital sandisk_x400_sd8tb8u-256g-1122_firmware -
westerndigital sandisk_x400_sd8tb8u-512g-1122_firmware -
westerndigital sandisk_x300s_sd7sn3q-064g_firmware -
westerndigital sandisk_x600_sd9sn8w-512g_firmware *
westerndigital sandisk_x600_sd9tb8w-512g_firmware *
westerndigital sandisk_x400_sd8sn8u-1t00-1122_firmware -
westerndigital sandisk_x300_sd7sf6s-128g_firmware -
westerndigital sandisk_x600_sd9sn8w-128g_firmware *
westerndigital sandisk_x300s_sd7ub3q-256g_firmware -
westerndigital sandisk_x300s_sd7ub2q-010t_firmware -
westerndigital sandisk_x300s_sd7un3q-128g_firmware -
westerndigital sandisk_x600_sd9tn8w-2t00_firmware *
westerndigital sandisk_x400_sd8sb8u-512g_firmware -
westerndigital sandisk_x400_sd8sn8u-128g_firmware -
westerndigital sandisk_x600_sd9sb8w-512g_firmware *
westerndigital sandisk_x400_sd8sb8u-1t00-1122_firmware -
westerndigital sandisk_x300_sd7sn6s-512g_firmware -
westerndigital sandisk_x600_sd9sb8w-256g_firmware *
westerndigital sandisk_x300s_sd7ub3q-128g_firmware -
westerndigital sandisk_x400_sd8tb8u-1t00-1122_firmware -
westerndigital sandisk_x400_sd8sb8u-128g_firmware -
westerndigital sandisk_x600_sd9sn8w-256g_firmware *
westerndigital sandisk_x600_sd9tb8w-2t00_firmware *
westerndigital sandisk_x400_sd8sn8u-128g-1122_firmware -
westerndigital sandisk_x400_sd8sn8u-256g_firmware -
westerndigital sandisk_x600_sd9sn8w-1t00_firmware *
westerndigital sandisk_x400_sd8sb8u-512g-1122_firmware -
westerndigital sandisk_x600_sd9sb8w-2t00_firmware *
westerndigital sandisk_x300_sd7sn6s-256g_firmware -
westerndigital sandisk_x400_sd8sb8u-128g-1122_firmware -
westerndigital sandisk_x400_sd8sn8u-1t00_firmware -
westerndigital sandisk_x600_sd9tb8w-256g_firmware *
westerndigital sandisk_x400_sd8sb8u-256g-1122_firmware -
westerndigital sandisk_x600_sd9tn8w-1t00_firmware *
westerndigital sandisk_x300s_sd7ub2q-512g_firmware -
westerndigital sandisk_x400_sd8sb8u-1t00_firmware -
westerndigital sandisk_x400_sd8sn8u-512g_firmware -
westerndigital sandisk_x300_sd7sf6s-512g_firmware -
westerndigital sandisk_x600_sd9sb8w-1t00_firmware *
westerndigital sandisk_x600_sd9tn8w-128g_firmware *
westerndigital sandisk_x300_sd7sn6s-128g_firmware -
westerndigital sandisk_x400_sd8sn8u-512g-1122_firmware -
westerndigital sandisk_x300_sd7sb7s-512g_firmware -
westerndigital sandisk_x300s_sd7sb3q-064g_firmware -
westerndigital sandisk_x600_sd9sn8w-2t00_firmware *
westerndigital sandisk_x400_sd8sn8u-256g-1122_firmware -
westerndigital sandisk_x300_sd7sb6s-128g_firmware -
westerndigital sandisk_x300s_sd7un3q-512g_firmware -
westerndigital sandisk_x600_sd9sb8w-128g_firmware *
westerndigital sandisk_x600_sd9tb8w-128g_firmware *
westerndigital sandisk_x600_sd9tn8w-256g_firmware *
CVE-2019-11686 LOW

Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnerability in the wear-leveling algorithm of the drive may cause cryptographically sensitive parameters (such as data encryption keys) to remain on the drive media after their intended erasure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-522,

Products Affected

Vendor Product Version
westerndigital sandisk_x300s_sd7un3q-256g_firmware -
westerndigital sandisk_x300_sd7sb6s-256g_firmware -
westerndigital sandisk_x600_sd9tb8w-1t00_firmware *
westerndigital sandisk_x400_sd8tb8u-128g-1122_firmware -
westerndigital sandisk_x600_sd9tn8w-512g_firmware *
westerndigital sandisk_x300_sd7sf6s-256g_firmware -
westerndigital sandisk_x300_sd7sb7s-010t_firmware -
westerndigital sandisk_x400_sd8sb8u-256g_firmware -
westerndigital sandisk_x400_sd8tb8u-256g-1122_firmware -
westerndigital sandisk_x400_sd8tb8u-512g-1122_firmware -
westerndigital sandisk_x300s_sd7sn3q-064g_firmware -
westerndigital sandisk_x600_sd9sn8w-512g_firmware *
westerndigital sandisk_x600_sd9tb8w-512g_firmware *
westerndigital sandisk_x400_sd8sn8u-1t00-1122_firmware -
westerndigital sandisk_x300_sd7sf6s-128g_firmware -
westerndigital sandisk_x600_sd9sn8w-128g_firmware *
westerndigital sandisk_x300s_sd7ub3q-256g_firmware -
westerndigital sandisk_x300s_sd7ub2q-010t_firmware -
westerndigital sandisk_x300s_sd7un3q-128g_firmware -
westerndigital sandisk_x600_sd9tn8w-2t00_firmware *
westerndigital sandisk_x400_sd8sb8u-512g_firmware -
westerndigital sandisk_x400_sd8sn8u-128g_firmware -
westerndigital sandisk_x600_sd9sb8w-512g_firmware *
westerndigital sandisk_x400_sd8sb8u-1t00-1122_firmware -
westerndigital sandisk_x300_sd7sn6s-512g_firmware -
westerndigital sandisk_x600_sd9sb8w-256g_firmware *
westerndigital sandisk_x300s_sd7ub3q-128g_firmware -
westerndigital sandisk_x400_sd8tb8u-1t00-1122_firmware -
westerndigital sandisk_x400_sd8sb8u-128g_firmware -
westerndigital sandisk_x600_sd9sn8w-256g_firmware *
westerndigital sandisk_x600_sd9tb8w-2t00_firmware *
westerndigital sandisk_x400_sd8sn8u-128g-1122_firmware -
westerndigital sandisk_x400_sd8sn8u-256g_firmware -
westerndigital sandisk_x600_sd9sn8w-1t00_firmware *
westerndigital sandisk_x400_sd8sb8u-512g-1122_firmware -
westerndigital sandisk_x600_sd9sb8w-2t00_firmware *
westerndigital sandisk_x300_sd7sn6s-256g_firmware -
westerndigital sandisk_x400_sd8sb8u-128g-1122_firmware -
westerndigital sandisk_x400_sd8sn8u-1t00_firmware -
westerndigital sandisk_x600_sd9tb8w-256g_firmware *
westerndigital sandisk_x400_sd8sb8u-256g-1122_firmware -
westerndigital sandisk_x600_sd9tn8w-1t00_firmware *
westerndigital sandisk_x300s_sd7ub2q-512g_firmware -
westerndigital sandisk_x400_sd8sb8u-1t00_firmware -
westerndigital sandisk_x400_sd8sn8u-512g_firmware -
westerndigital sandisk_x300_sd7sf6s-512g_firmware -
westerndigital sandisk_x600_sd9sb8w-1t00_firmware *
westerndigital sandisk_x600_sd9tn8w-128g_firmware *
westerndigital sandisk_x300_sd7sn6s-128g_firmware -
westerndigital sandisk_x400_sd8sn8u-512g-1122_firmware -
westerndigital sandisk_x300_sd7sb7s-512g_firmware -
westerndigital sandisk_x300s_sd7sb3q-064g_firmware -
westerndigital sandisk_x600_sd9sn8w-2t00_firmware *
westerndigital sandisk_x400_sd8sn8u-256g-1122_firmware -
westerndigital sandisk_x300_sd7sb6s-128g_firmware -
westerndigital sandisk_x300s_sd7un3q-512g_firmware -
westerndigital sandisk_x600_sd9sb8w-128g_firmware *
westerndigital sandisk_x600_sd9tb8w-128g_firmware *
westerndigital sandisk_x600_sd9tn8w-256g_firmware *
CVE-2019-13466 MEDIUM

Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 have Incorrect Access Control. The “generate reports” archive is protected with a hard-coded password. An application update that addresses the protection of archive encryption is available.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
sandisk ssd_dashboard *
westerndigital ssd_dashboard *
CVE-2019-13467 MEDIUM

Description: Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 applications are potentially vulnerable to man-in-the-middle attacks when the applications download resources from the Dashboard web service. This vulnerability may allow an attacker to substitute downloaded resources with arbitrary files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sandisk ssd_dashboard *
westerndigital ssd_dashboard *
CVE-2019-16399 HIGH

Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to access the /admin/ directory without credentials. An attacker can easily enable SSH from /admin/system_advanced.php?lang=en and login with the default root password welc0me.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
westerndigital wd_my_book_firmware *
CVE-2019-9949 HIGH

Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution (as root, starting from a low-privilege user session) vulnerability. The cgi-bin/webfile_mgr.cgi file allows arbitrary file write by abusing symlinks. Specifically, this occurs by uploading a tar archive that contains a symbolic link, then uploading another archive that writes a file to the link using the "cgi_untar" command. Other commands might also be susceptible. Code can be executed because the "name" parameter passed to the cgi_unzip command is not sanitized.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-59,

Products Affected

Vendor Product Version
westerndigital my_cloud_dl4100_firmware *
westerndigital my_cloud_ex2100_firmware *
westerndigital my_cloud_ex4100_firmware *
westerndigital my_cloud_ex2_ultra_firmware *
westerndigital my_cloud_pr4100_firmware *
westerndigital my_cloud_pr2100_firmware *
westerndigital my_cloud_dl2100_firmware *
westerndigital my_cloud_mirror_gen2_firmware *
westerndigital my_cloud_firmware *
CVE-2019-9950 HIGH

Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an authentication bypass vulnerability. The login_mgr.cgi file checks credentials against /etc/shadow. However, the "nobody" account (which can be used to access the control panel API as a low-privilege logged-in user) has a default empty password, allowing an attacker to modify the My Cloud EX2 Ultra web page source code and obtain access to the My Cloud as a non-Admin My Cloud device user.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-521,

Products Affected

Vendor Product Version
westerndigital my_cloud_dl4100_firmware *
westerndigital my_cloud_ex2100_firmware *
westerndigital my_cloud_ex4100_firmware *
westerndigital my_cloud_ex2_ultra_firmware *
westerndigital my_cloud_pr4100_firmware *
westerndigital my_cloud_pr2100_firmware *
westerndigital my_cloud_dl2100_firmware *
westerndigital my_cloud_mirror_gen2_firmware *
westerndigital my_cloud_firmware *
CVE-2020-10951 MEDIUM

Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1021,

Products Affected

Vendor Product Version
westerndigital ibi *
westerndigital my_cloud_home *
CVE-2020-12427 MEDIUM

The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
westerndigital wd_discovery *
CVE-2020-12830 HIGH

Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through unauthorized remote code execution in Western Digital My Cloud devices before 5.04.114.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
westerndigital my_cloud_firmware *
CVE-2020-13799 MEDIUM

Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. The RPMB protocol is specified by industry standards bodies and is implemented by storage devices from multiple vendors to assist host systems in securing trusted firmware. Several scenarios have been identified in which the RPMB state may be affected by an attacker without the knowledge of the trusted component that uses the RPMB feature.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-294,

Products Affected

Vendor Product Version
linaro op-tee *
westerndigital inand_cl_em132_firmware *
westerndigital inand_ix_em132_firmware *
westerndigital inand_ix_em132_xi_firmware *
CVE-2020-15816 MEDIUM

In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-668,

Products Affected

Vendor Product Version
westerndigital wd_discovery *
CVE-2020-25765 HIGH

Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input.in Western Digital My Cloud Devices prior to 5.4.1140.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-78,

Products Affected

Vendor Product Version
westerndigital my_cloud_firmware *
CVE-2020-27158 HIGH

Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
westerndigital my_cloud_firmware *
CVE-2020-27159 HIGH

Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
westerndigital my_cloud_firmware *
CVE-2020-27160 HIGH

Addressed remote code execution vulnerability in AvailableApps.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114 (issue 3 of 3).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
westerndigital my_cloud_firmware *
CVE-2020-27744 HIGH

An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. They allow remote code execution with resultant escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
westerndigital my_cloud_firmware *
CVE-2020-28940 HIGH

On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
westerndigital my_cloud_os_5 *
CVE-2020-28970 HIGH

An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie. (In addition, an upload endpoint could then be used by an authenticated administrator to upload executable PHP scripts.)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
westerndigital my_cloud_os_5 *
CVE-2020-28971 HIGH

An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie, because of insufficient validation of URI paths.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
westerndigital my_cloud_os_5 *
CVE-2020-29563 HIGH

An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to gain access to the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
westerndigital my_cloud_os_5 *
CVE-2020-29654 MEDIUM

Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking that leads to compromise of the SYSTEM account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,

Products Affected

Vendor Product Version
westerndigital dashboard *
CVE-2020-8959 MEDIUM

Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 allows DLL Hijacking.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,

Products Affected

Vendor Product Version
westerndigital sandiskssddashboardsetup.exe *
westerndigital westerndigitalssddashboardsetup.exe *
CVE-2020-8960 MEDIUM

Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
westerndigital mycloud.com *
CVE-2021-28653 MEDIUM

The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-922,

Products Affected

Vendor Product Version
westerndigital armorlock *
CVE-2021-3310 MEDIUM

Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. This can lead to code execution and information disclosure (by reading local files).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,

Products Affected

Vendor Product Version
westerndigital my_cloud_os *
CVE-2021-33205 MEDIUM

Western Digital EdgeRover before 0.25 has an escalation of privileges vulnerability where a low privileged user could load malicious content into directories with higher privileges, because of how Node.js is used. An attacker can gain admin privileges and carry out malicious activities such as creating a fake library and stealing user credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
westerndigital edgerover *
CVE-2021-35941 MEDIUM

Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory restore without authentication, as exploited in the wild in June 2021, a different vulnerability than CVE-2018-18472.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
westerndigital wd_my_book_live_duo_firmware *
westerndigital wd_my_book_live_firmware *
CVE-2021-36224

Western Digital My Cloud devices before OS5 have a nobody account with a blank password.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
westerndigital my_cloud_os *
CVE-2021-36225

Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
westerndigital my_cloud_os *
CVE-2021-36226

Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
westerndigital my_cloud_os *
CVE-2022-22988 MEDIUM

File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources. It would be more difficult for an authenticated attacker to now traverse through the files and directories. This can only be exploited once an attacker has already found a way to get authenticated access to the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2
psirt@wdc.com 7.7 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 2.5 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-275,CWE-732,

Products Affected

Vendor Product Version
westerndigital edgerover *
CVE-2022-22989 HIGH

My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the network. Addressed the vulnerability by adding defenses against stack overflow issues.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
psirt@wdc.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
westerndigital my_cloud_os *
CVE-2022-22990 HIGH

A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
psirt@wdc.com 7.8 HIGH CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N 1.4 5.8

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,CWE-697,

Products Affected

Vendor Product Version
westerndigital my_cloud_os *
CVE-2022-22991 HIGH

A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. Addressed this vulnerability by disabling checks for internet connectivity using HTTP.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@wdc.com 7.8 HIGH CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N 1.4 5.8
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-77,

Products Affected

Vendor Product Version
westerndigital my_cloud_os *
CVE-2022-22992 HIGH

A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. The vulnerability was addressed by escaping individual arguments to shell functions coming from user input.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@wdc.com 7.8 HIGH CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N 1.4 5.8
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-116,

Products Affected

Vendor Product Version
westerndigital my_cloud_os *
CVE-2022-22993 HIGH

A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls. The vulnerability was addressed by creating a whitelist for valid parameters.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@wdc.com 7.8 HIGH CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N 1.4 5.8
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-918,CWE-918,

Products Affected

Vendor Product Version
westerndigital my_cloud_os *
CVE-2022-22994 HIGH

A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an attacker could trick a NAS device into loading through an unsecured HTTP call. This was a result insufficient verification of calls to the device. The vulnerability was addressed by disabling checks for internet connectivity using HTTP.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@wdc.com 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-345,CWE-345,

Products Affected

Vendor Product Version
westerndigital my_cloud_os *
CVE-2022-22995 HIGH

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@wdc.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L 3.9 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-59,CWE-59,

Products Affected

Vendor Product Version
westerndigital my_cloud_dl4100_firmware *
westerndigital my_cloud_ex2_ultra_firmware *
netatalk netatalk *
fedoraproject fedora 39
westerndigital my_cloud_dl2100_firmware *
westerndigital my_cloud_home_firmware *
westerndigital my_cloud_ex2100_firmware *
westerndigital my_cloud_ex4100_firmware *
westerndigital my_cloud_pr4100_firmware *
westerndigital my_cloud_pr2100_firmware *
fedoraproject fedora 38
westerndigital my_cloud_mirror_gen_2_firmware *
fedoraproject fedora 37
westerndigital wd_cloud_firmware *
westerndigital my_cloud_firmware *
CVE-2022-22996 MEDIUM

The G-RAID 4/8 Software Utility setups for Windows were affected by a DLL hijacking vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the system user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
psirt@wdc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
westerndigital sandisk_professional_g-raid_4/8_software_utility *
westerndigital sandisk_professional_g-raid_4/8_software_utility_driver *
CVE-2022-22997 HIGH

Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an attacker to execute unsigned code on My Cloud Home devices.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
psirt@wdc.com 6.8 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 1.6 5.2

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
westerndigital my_cloud_home_duo_firmware *
westerndigital my_cloud_home_firmware *
CVE-2022-22998 MEDIUM

Implemented protections on AWS credentials that were not properly protected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@wdc.com 8.0 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N 1.6 5.8
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,CWE-522,

Products Affected

Vendor Product Version
westerndigital my_cloud_home_duo_firmware *
westerndigital my_cloud_home_firmware *
CVE-2022-22999

Western Digital My Cloud devices are vulnerable to a cross side scripting vulnerability that can allow a malicious user with elevated privileges access to drives being backed up to construct and inject JavaScript payloads into an authenticated user's browser. As a result, it may be possible to gain control over the authenticated session, steal data, modify settings, or redirect the user to malicious websites. The scope of impact can extend to other components.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
psirt@wdc.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

Products Affected

Vendor Product Version
westerndigital my_cloud_dl4100_firmware *
westerndigital my_cloud_ex2100_firmware *
westerndigital my_cloud_ex4100_firmware *
westerndigital my_cloud_mirror_g2_firmware *
westerndigital my_cloud_ex2_ultra_firmware *
westerndigital my_cloud_pr4100_firmware *
westerndigital my_cloud_pr2100_firmware *
westerndigital my_cloud_dl2100_firmware *
CVE-2022-23000

The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. By using an "SSL" context instead of "TLS" or specifying stronger validation, deprecated or insecure protocols are permitted. As a result, a local user with no privileges can exploit this vulnerability and jeopardize the integrity, confidentiality and authenticity of information transmitted. The scope of impact cannot extend to other components and no user input is required to exploit this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@wdc.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L 2.5 4.7
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
westerndigital my_cloud_dl4100_firmware *
westerndigital my_cloud_ex2100_firmware *
westerndigital my_cloud_ex4100_firmware *
westerndigital my_cloud_mirror_g2_firmware *
westerndigital my_cloud_ex2_ultra_firmware *
westerndigital my_cloud_pr4100_firmware *
westerndigital my_cloud_pr2100_firmware *
westerndigital my_cloud_dl2100_firmware *
westerndigital my_cloud_firmware *
CVE-2022-23001

When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. An attacker with user level privileges and no other user's assistance can exploit this vulnerability with only knowledge of the public key and the library. The resulting output may cause an error when used in other operations; for instance, verification of a valid signature under a decompressed public key may fail. This may be leveraged by an attacker to cause an error scenario in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@wdc.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
westerndigital sweet_b 1
CVE-2022-23002

When compressing or decompressing a point on the NIST P-256 elliptic curve with an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output will cause an error when used in other operations. This may be leveraged by an attacker to cause an error scenario in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@wdc.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
westerndigital sweet_b 1
CVE-2022-23003

When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output may cause an error when used in other operations. This may be leveraged by an attacker to cause an error scenario or incorrect choice of session key in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@wdc.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
westerndigital sweet_b 1
CVE-2022-23004

When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value is written to the output buffer. This may be leveraged by an attacker to cause an error scenario, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@wdc.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
westerndigital sweet_b 1
CVE-2022-23006

A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another issue. If an attacker is able to carry out a remote code execution attack, they can gain access to the vulnerable file, due to the presence of insecure functions in code. User interaction is required for exploitation. Exploiting the vulnerability could result in exposure of information, ability to modify files, memory access errors, or system crashes.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9
psirt@wdc.com 1.8 LOW CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N 0.3 1.4

Products Affected

Vendor Product Version
westerndigital my_cloud_home_duo_firmware *
westerndigital sandisk_ibi_firmware *
westerndigital my_cloud_home_firmware *
CVE-2022-29835

WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows.

Products Affected

Vendor Product Version
westerndigital wd_discovery *
CVE-2022-29836

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file system. This could also allow the attacker to initiate the installation of custom packages at these locations. This can only be exploited once the attacker has been authenticated to the device. This issue affects: Western Digital My Cloud Home and My Cloud Home Duo versions prior to 8.11.0-113 on Linux; SanDisk ibi versions prior to 8.11.0-113 on Linux.

Products Affected

Vendor Product Version
westerndigital my_cloud_home_duo_firmware *
westerndigital sandisk_ibi_firmware *
westerndigital my_cloud_home_firmware *
CVE-2022-29837

A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution.

Products Affected

Vendor Product Version
westerndigital my_cloud_home_duo_firmware *
westerndigital sandisk_ibi_firmware *
westerndigital my_cloud_home_firmware *
CVE-2022-29838

Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux.

Products Affected

Vendor Product Version
westerndigital my_cloud_os *
CVE-2022-29839

Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices that could allow an attacker who has gained access to a relevant endpoint to use that information to access protected data. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux.

Products Affected

Vendor Product Version
westerndigital my_cloud_os *
CVE-2022-29840

Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This issue affects My Cloud OS 5 devices before 5.26.202.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@wdc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 1.4 3.6

Products Affected

Vendor Product Version
westerndigital my_cloud_os *
CVE-2022-29841

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that was caused by a command that read files from a privileged location and created a system command without sanitizing the read data. This command could be triggered by an attacker remotely to cause code execution and gain a reverse shell in Western Digital My Cloud OS 5 devices.This issue affects My Cloud OS 5: before 5.26.119.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@wdc.com 8.0 HIGH CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 1.3 6.0

Products Affected

Vendor Product Version
westerndigital my_cloud_os *
CVE-2022-29842

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devicesThis issue affects My Cloud OS 5: before 5.26.119.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@wdc.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
westerndigital my_cloud_os *
CVE-2022-29843

A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to execute code in the context of the root user.

Products Affected

Vendor Product Version
westerndigital my_cloud_dl4100_firmware *
westerndigital my_cloud_ex2100_firmware *
westerndigital my_cloud_ex4100_firmware *
westerndigital my_cloud_mirror_g2_firmware *
westerndigital my_cloud_ex2_ultra_firmware *
westerndigital my_cloud_pr4100_firmware *
westerndigital my_cloud_pr2100_firmware *
westerndigital my_cloud_dl2100_firmware *
CVE-2022-29844

A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write arbitrary files. This could lead to a full NAS compromise and would give remote execution capabilities to the attacker.

Products Affected

Vendor Product Version
westerndigital my_cloud_dl4100_firmware *
westerndigital my_cloud_ex2100_firmware *
westerndigital my_cloud_ex4100_firmware *
westerndigital my_cloud_mirror_g2_firmware *
westerndigital my_cloud_ex2_ultra_firmware *
westerndigital my_cloud_pr4100_firmware *
westerndigital my_cloud_pr2100_firmware *
westerndigital my_cloud_dl2100_firmware *
CVE-2022-36326

An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@wdc.com 4.4 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 0.7 3.6

Products Affected

Vendor Product Version
westerndigital my_cloud_home_duo_firmware *
westerndigital sandisk_ibi_firmware *
westerndigital my_cloud_home_firmware *
westerndigital my_cloud_os_5 *
CVE-2022-36327

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to write files to locations with certain critical filesystem types leading to remote code execution was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires an authentication bypass issue to be triggered before this can be exploited.  This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@wdc.com 5.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N 1.3 4.0

Products Affected

Vendor Product Version
westerndigital my_cloud_home_duo_firmware *
westerndigital sandisk_ibi_firmware *
westerndigital my_cloud_home_firmware *
westerndigital my_cloud_os_5 *
CVE-2022-36328

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to create arbitrary shares on arbitrary directories and exfiltrate sensitive files, passwords, users and device configurations was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This can only be exploited once an attacker gains root privileges on the devices using an authentication bypass issue or another vulnerability.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@wdc.com 5.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 1.3 4.0

Products Affected

Vendor Product Version
westerndigital my_cloud_home_duo_firmware *
westerndigital sandisk_ibi_firmware *
westerndigital my_cloud_home_firmware *
westerndigital my_cloud_os_5 *
CVE-2022-36329

An improper privilege management issue that could allow an attacker to cause a denial of service over the OTA mechanism was discovered in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@wdc.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H 0.8 3.6

Products Affected

Vendor Product Version
westerndigital my_cloud_home_duo_firmware *
westerndigital sandisk_ibi_firmware *
westerndigital my_cloud_home_firmware *
CVE-2022-36330

A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. An attacker would require exploitation of another vulnerability to raise their privileges in order to exploit this buffer overflow vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191. 

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@wdc.com 1.9 LOW CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N 0.5 1.4

Products Affected

Vendor Product Version
westerndigital my_cloud_home_duo_firmware *
westerndigital sandisk_ibi_firmware *
westerndigital my_cloud_home_firmware *
CVE-2022-36331

Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@wdc.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

Products Affected

Vendor Product Version
westerndigital my_cloud_dl4100_firmware *
westerndigital my_cloud_ex2_ultra_firmware *
westerndigital my_cloud_dl2100_firmware *
westerndigital my_cloud_home_firmware *
westerndigital my_cloud_ex2100_firmware *
westerndigital my_cloud_ex4100_firmware *
westerndigital my_cloud_mirror_g2_firmware *
westerndigital my_cloud_home_duo_firmware *
westerndigital my_cloud_pr4100_firmware *
westerndigital my_cloud_pr2100_firmware *
westerndigital sandisk_ibi_firmware *
westerndigital my_cloud_firmware *
CVE-2023-22812

SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2
psirt@wdc.com 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

Products Affected

Vendor Product Version
westerndigital sandisk_privateaccess *
CVE-2023-22813

A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a permissive CORS policy and missing authentication requirement for private IPs, a remote attacker on the same network as the device could obtain device information by convincing a victim user to visit an attacker-controlled server and issue a cross-site request. This issue affects My Cloud OS 5 Mobile App: before 4.21.0; My Cloud Home Mobile App: before 4.21.0; ibi Mobile App: before 4.21.0; My Cloud OS 5 Web App: before 4.26.0-6126; My Cloud Home Web App: before 4.26.0-6126; ibi Web App: before 4.26.0-6126.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@wdc.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 1.8 1.4

Products Affected

Vendor Product Version
westerndigital sandisk_ibi *
westerndigital my_cloud_home *
westerndigital my_cloud *
westerndigital my_cloud_os_5 *
CVE-2023-22814

An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: before 5.26.202.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@wdc.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H 3.9 5.8

Products Affected

Vendor Product Version
westerndigital my_cloud_os *
CVE-2023-22815

Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files. This vulnerability can only be exploited over the network and the attacker must already have admin/root privileges to carry out the exploit. An authentication bypass is required for this exploit, thereby making it more complex. The attack may not require user interaction. Since an attacker must already be authenticated, the confidentiality impact is low while the integrity and availability impact is high.  This issue affects My Cloud OS 5 devices: before 5.26.300.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@wdc.com 6.0 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H 0.5 5.5

Products Affected

Vendor Product Version
westerndigital my_cloud_os *
CVE-2023-22816

A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@wdc.com 6.0 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H 0.5 5.5

Products Affected

Vendor Product Version
westerndigital my_cloud_os *
CVE-2023-22817

Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing DNS addresses that refer to loopback. This issue affects My Cloud OS 5 devices before 5.27.161, My Cloud Home, My Cloud Home Duo and SanDisk ibi devices before 9.5.1-104. 

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@wdc.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

Products Affected

Vendor Product Version
westerndigital my_cloud_dl4100_firmware *
westerndigital my_cloud_glacier_firmware *
westerndigital my_cloud_ex2_ultra_firmware *
westerndigital my_cloud_dl2100_firmware *
westerndigital my_cloud_home_firmware *
westerndigital my_cloud_ex2100_firmware *
westerndigital my_cloud_ex4100_firmware *
westerndigital my_cloud_mirror_g2_firmware *
westerndigital my_cloud_home_duo_firmware *
westerndigital my_cloud_pr4100_firmware *
westerndigital my_cloud_pr2100_firmware *
westerndigital sandisk_ibi_firmware *
westerndigital wd_cloud_firmware *
CVE-2023-22818

Multiple DLL Search Order Hijack vulnerabilities were addressed in the SanDisk Security Installer for Windows that could allow attackers with local access to execute arbitrary code by executing the installer in the same folder as the malicious DLL. This can lead to the execution of arbitrary code with the privileges of the vulnerable application or obtain a certain level of persistence on the compromised host. 

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
psirt@wdc.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
westerndigital sandisk_security_installer *
CVE-2023-22819

An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.5.1-104; ibi: before 9.5.1-104; My Cloud OS 5: before 5.27.161.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
psirt@wdc.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

Products Affected

Vendor Product Version
westerndigital my_cloud_dl4100_firmware *
westerndigital my_cloud_glacier_firmware *
westerndigital my_cloud_ex2_ultra_firmware *
westerndigital my_cloud_dl2100_firmware *
westerndigital my_cloud_home_firmware *
westerndigital my_cloud_ex2100_firmware *
westerndigital my_cloud_ex4100_firmware *
westerndigital my_cloud_mirror_g2_firmware *
westerndigital my_cloud_home_duo_firmware *
westerndigital my_cloud_pr4100_firmware *
westerndigital sandisk_ibi_firmware *
westerndigital wd_cloud_firmware *