Known Vulnerabilities for products from Westerndigital
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Westerndigital".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Additional devices specifications by Westerndigital can be found at device.report : Westerndigital
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-22818 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.8 - HIGH | 2023-11-15 | 2023-11-22 |
| CVE-2023-22816 json | A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that coul... | 8.8 - HIGH | 2023-06-30 | 2023-07-07 |
| CVE-2023-22815 json | Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an atta... | 6.7 - MEDIUM | 2023-06-30 | 2023-08-28 |
| CVE-2023-22814 json | An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an at... | 9.8 - CRITICAL | 2023-07-01 | 2023-07-10 |
| CVE-2023-22813 json | A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My C... | 4.3 - MEDIUM | 2023-05-08 | 2023-05-16 |
| CVE-2023-22812 json | SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-... | 7.4 - HIGH | 2023-03-24 | 2023-11-04 |
| CVE-2022-36331 json | Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attac... | 7.5 - HIGH | 2023-06-12 | 2023-06-21 |
| CVE-2022-36330 json | A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote co... | 8.1 - HIGH | 2023-05-10 | 2023-05-22 |
| CVE-2022-36329 json | An improper privilege management issue that could allow an attacker to cause a denial of service over the OTA mechanism was d... | 7.5 - HIGH | 2023-05-10 | 2023-05-18 |
| CVE-2022-36328 json | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to ... | 4.9 - MEDIUM | 2023-05-18 | 2023-05-27 |
| CVE-2022-36327 json | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to ... | 9.8 - CRITICAL | 2023-05-18 | 2023-05-31 |
| CVE-2022-36326 json | An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume... | 4.9 - MEDIUM | 2023-05-18 | 2023-05-26 |
| CVE-2022-29844 json | A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allow... | 9.8 - CRITICAL | 2023-01-26 | 2023-02-01 |
| CVE-2022-29843 json | A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware... | 9.8 - CRITICAL | 2023-01-26 | 2023-02-01 |
| CVE-2022-29842 json | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacke... | 9.8 - CRITICAL | 2023-05-10 | 2023-05-18 |
| CVE-2022-29841 json | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that was caused by ... | 9.8 - CRITICAL | 2023-05-10 | 2023-05-22 |
| CVE-2022-29840 json | Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to po... | 5.5 - MEDIUM | 2023-05-10 | 2023-05-22 |
| CVE-2022-29839 json | Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices that... | 5.5 - MEDIUM | 2022-12-09 | 2022-12-12 |
| CVE-2022-29838 json | Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices al... | 4.6 - MEDIUM | 2022-12-09 | 2022-12-12 |
| CVE-2022-29837 json | A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could ... | 7.8 - HIGH | 2022-12-01 | 2022-12-06 |
Known software with vulnerabilities from Westerndigital
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Westerndigital | Arkeia Virtual Appliance | - |
| Operating System | Westerndigital | Arkeia Virtual Appliance Firmware | 10.2.7 |
| Application | Westerndigital | Diagnostics | 1.7.0 |
| Application | Westerndigital | Drive Manager | 2.93 |
| Application | Westerndigital | Fat32 Formatter | 1.0.9 |
| Hardware | Westerndigital | Inand Cl Em132 | - |
| Hardware | Westerndigital | Inand Ix Em132 | - |
| Hardware | Westerndigital | Inand Ix Em132 Xi | - |
| Application | Westerndigital | Mycloud.com | 2.2.0-134 |
| Application | Westerndigital | My Cloud | - |
| Hardware | Westerndigital | My Cloud Expert Series Ex2 | - |
| Operating System | Westerndigital | My Cloud Firmware | - |
| Hardware | Westerndigital | My Cloud Mirror - Gen 2 | - |
| Hardware | Westerndigital | My Cloud Mirror Gen 2 | - |
| Operating System | Westerndigital | My Cloud Os 5 | 5.02.104 |
| Operating System | Westerndigital | My Cloud Pr4100 Firmware | 2.30.172 |
| Operating System | Westerndigital | My Net Firmware | 1.03.12 |
| Hardware | Westerndigital | My Net N600 | - |
| Hardware | Westerndigital | My Net N750 | - |
| Hardware | Westerndigital | My Net N900 | - |