My cloud firmware
This hub aggregates every CVE we track for My cloud firmware, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.
13
CVEs tracked
11
Critical
2
High
0
In CISA KEV
Severity distribution
CRITICAL11HIGH2
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 13 most recently published vulnerabilities affecting My cloud firmware.
- CVE-2022-36331Impersonation attack causing an Authentication Bypass on Western Digital devices10.0
- CVE-2022-23000Weak Default SSL use in Port Forwarding Service7.3
- CVE-2022-22995Western Digital My Cloud OS 5 and My Cloud Home Unauthenticated Arbitrary File Write Vulnerability in Netatalk10.0
- CVE-2020-27744An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. They allow remote code execution with resultant escalation of privileges.9.8
- CVE-2020-25765Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input.in Western Digital My Cloud Devices prior to 5.4.1140.9.8
- CVE-2020-27159Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.1149.8
- CVE-2020-27158Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114.9.8
- CVE-2020-27160Addressed remote code execution vulnerability in AvailableApps.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114 (issue 3 of 3).9.8
- CVE-2020-12830Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through unauthorized remote code execution in Western Digital My Cloud de...9.8
- CVE-2019-9949Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution (as root, starting from a low-pri...8.8
- CVE-2019-9951Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 ...9.8
- CVE-2019-9950Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 ...9.8
- CVE-2018-9148Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for attackers to bypass authentication by listing a directory. NOTE: th...9.8
Product normalization is registry-driven with AI assist and human review. How it works