CVE-2020-12830 — Out-of-bounds Write in MY Cloud Firmware

CWE-787 — Out-of-bounds Write2 documents2 sources

Severity

9.8CRITICALNVD

EPSS

3.2%

top 13.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Westerndigital MY Cloud Firmware

Timeline

PublishedOct 27

Latest updateMay 24

Description

Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through unauthorized remote code execution in Western Digital My Cloud devices before 5.04.114.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDwesterndigital/my_cloud_firmware< 5.04.114

🔴Vulnerability Details

GHSA

GHSA-hmww-h9vv-9rgj: Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through unauthorized remot↗2022-05-24

▶