My cloud

This hub aggregates every CVE we track for My cloud, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting My cloud.

• CVE-2025-30247An OS command injection vulnerability in user interface in Western Digital My Cloud firmware prior to 5.31.108 on NAS platforms allows remote attackers to execute arbitrary system commands via a sp...9.8Sep 29, 2025
• CVE-2024-22170Unchecked buffer in Dynamic DNS client8.1Sep 27, 2024
• CVE-2022-36331Impersonation attack causing an Authentication Bypass on Western Digital devices10.0Jun 12, 2023
• CVE-2022-36327Path traversal vulnerability leading to an arbitrary file write in Western Digital devices5.8May 18, 2023
• CVE-2023-22813Device API endpoint missing access controls on Western Digital Mobile and Web Apps3.3May 8, 2023
• CVE-2022-29844Western Digital My Cloud OS 5 arbitrary file read and write vulnerability via ftp6.7Jan 25, 2023
• CVE-2022-29843Western Digital My Cloud OS 5 devices Command Injection Vulnerability6.2Jan 25, 2023
• CVE-2022-29838Authentication issue with the encrypted volumes and auto mount feature in My Cloud devices4.3Dec 9, 2022
• CVE-2022-29839Remote Backups Application Discloses Stored Credentials4.1Dec 9, 2022
• CVE-2022-22999Cross-site Scripting Vulnerability in USB Backups App8.2Jul 25, 2022
• CVE-2022-23000Weak Default SSL use in Port Forwarding Service7.3Jul 25, 2022
• CVE-2022-22995Western Digital My Cloud OS 5 and My Cloud Home Unauthenticated Arbitrary File Write Vulnerability in Netatalk10.0Mar 25, 2022
• CVE-2022-22994Insufficient Verification of Data Authenticity Remote Code Execution Vulnerability on Western Digital My Cloud devices.8.8Jan 28, 2022
• CVE-2022-22993Limited Server-Side Request Forgery vulnerability on Western Digital My Cloud devices.7.8Jan 28, 2022
• CVE-2022-22990Limited authentication bypass vulnerability on Western Digital My Cloud devices7.8Jan 13, 2022