Westerndigital My Cloud Os 5 vulnerabilities

CVE-2022-36327 [CRITICAL] CWE-22 CVE-2022-36327: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that co Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to write files to locations with certain critical filesystem types leading to remote code execution was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This

CVE-2022-36326 [MEDIUM] CWE-400 CVE-2022-36326: An uncontrolled resource consumption vulnerability issue that could arise by sending crafted request An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue r

CVE-2022-36328 [MEDIUM] CWE-22 CVE-2022-36328: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that co Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to create arbitrary shares on arbitrary directories and exfiltrate sensitive files, passwords, users and device configurations was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My

CVE-2023-22813 [MEDIUM] CWE-200 CVE-2023-22813: A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a permissive CORS policy and missing authentication requirement for private

CVE-2020-29563 [CRITICAL] CWE-287 CVE-2020-29563: An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. A NAS Admin authen An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to gain access to the device.

CVE-2020-28940 [CRITICAL] CWE-287 CVE-2020-28940: On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authenticat On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device.

CVE-2020-28971 [CRITICAL] CWE-287 CVE-2020-28971: An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authen An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie, because of insufficient validation of URI paths.

CVE-2020-28970 [CRITICAL] CWE-287 CVE-2020-28970: An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authen An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie. (In addition, an upload endpoint could then be used by an authenticated administrator to upload executable PHP scripts.)