Westerndigital My Cloud Home vulnerabilities
2 known vulnerabilities affecting westerndigital/my_cloud_home.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2023-22813MEDIUMCVSS 4.3fixed in 4.21.0fixed in 4.26.0-61262023-05-08
CVE-2023-22813 [MEDIUM] CWE-200 CVE-2023-22813:
A device API
endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and
A device API
endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a permissive CORS policy
and missing authentication requirement for private
nvd
CVE-2020-10951MEDIUMCVSS 4.7fixed in 2.2.02020-04-15
CVE-2020-10951 [MEDIUM] CWE-1021 CVE-2020-10951: Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages.
Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages.
nvd