WesterndigitalCVEs & Vulnerabilities

83 CVEs affecting Westerndigital products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

my cloud pr4100 42my cloud ex4100 38my cloud pr2100 37my cloud ex2 ultra 33my cloud dl4100 28my cloud ex2100 28my cloud dl2100 28my cloud 25
CVE-2021-28653MEDIUM

The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware.

19 Mar 2021
6.5
CVSS
CVE-2021-3310HIGH

Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. This can lead to code execution and information disclosure (by reading local files).

10 Mar 2021
7.8
CVSS
CVE-2020-29654HIGH

Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking that leads to compromise of the SYSTEM account.

12 Dec 2020
7.8
CVSS
CVE-2020-29563CRITICAL

An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to gain access to the device.

12 Dec 2020
9.8
CVSS
CVE-2020-28971CRITICAL

An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie, because of insufficient validation of URI paths.

1 Dec 2020
9.8
CVSS
CVE-2020-28970CRITICAL

An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie. (In addition, an upload endpoint could then be used by an authenticated administrator to upload executable PHP scripts.)

1 Dec 2020
9.8
CVSS
CVE-2020-28940CRITICAL

On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device.

1 Dec 2020
9.8
CVSS
CVE-2020-13799MEDIUM

Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. The RPMB protocol is specified by industry standards bodies and is implemented by storage devices from multiple vendors to assist host systems in securing trusted firmware. Several scenarios have been identified in which the RPMB state may be affected by an attacker without the knowledge of the trusted component that uses the RPMB feature.

19 Nov 2020
6.8
CVSS
CVE-2020-27744CRITICAL

An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. They allow remote code execution with resultant escalation of privileges.

29 Oct 2020
9.8
CVSS
CVE-2020-27160CRITICAL

Addressed remote code execution vulnerability in AvailableApps.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114 (issue 3 of 3).

27 Oct 2020
9.8
CVSS
CVE-2020-27159CRITICAL

Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114

27 Oct 2020
9.8
CVSS
CVE-2020-27158CRITICAL

Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114.

27 Oct 2020
9.8
CVSS
CVE-2020-25765CRITICAL

Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input.in Western Digital My Cloud Devices prior to 5.4.1140.

27 Oct 2020
9.8
CVSS
CVE-2020-12830CRITICAL

Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through unauthorized remote code execution in Western Digital My Cloud devices before 5.04.114.

27 Oct 2020
9.8
CVSS
CVE-2020-15816HIGH

In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables.

17 Jul 2020
8.8
CVSS
CVE-2020-12427HIGH

The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space.

13 May 2020
8.8
CVSS
CVE-2020-10951MEDIUM

Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages.

15 Apr 2020
4.7
CVSS
CVE-2019-10705HIGH

Western Digital SanDisk X600 devices in certain configurations, a vulnerability in the access control mechanism of the drive may allow data to be decrypted without knowledge of proper authentication credentials.

10 Mar 2020
7.5
CVSS
CVE-2019-11686MEDIUM

Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnerability in the wear-leveling algorithm of the drive may cause cryptographically sensitive parameters (such as data encryption keys) to remain on the drive media after their intended erasure.

10 Mar 2020
5.5
CVSS
CVE-2019-10706MEDIUM

Western Digital SanDisk SanDisk X300, X300s, X400, and X600 devices: The firmware update authentication method relies on a symmetric HMAC digest. The key used to validate this digest is present in a protected area of the device, and if extracted could be used to install arbitrary firmware to other devices.

10 Mar 2020
6.3
CVSS
CVE-2020-8960MEDIUM

Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS.

21 Feb 2020
6.1
CVSS
CVE-2020-8959HIGH

Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 allows DLL Hijacking.

19 Feb 2020
7.8
CVSS
CVE-2019-13467MEDIUM

Description: Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 applications are potentially vulnerable to man-in-the-middle attacks when the applications download resources from the Dashboard web service. This vulnerability may allow an attacker to substitute downloaded resources with arbitrary files.

30 Sep 2019
5.9
CVSS
CVE-2019-13466HIGH

Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 have Incorrect Access Control. The “generate reports” archive is protected with a hard-coded password. An application update that addresses the protection of archive encryption is available.

30 Sep 2019
7.5
CVSS
CVE-2019-16399CRITICALpoc

Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to access the /admin/ directory without credentials. An attacker can easily enable SSH from /admin/system_advanced.php?lang=en and login with the default root password welc0me.

18 Sep 2019
9.8
CVSS
CVE-2018-18472CRITICAL

Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device, as exploited in the wild in June 2021 for factory reset commands,

19 Jun 2019
9.8
CVSS
CVE-2019-9949HIGH

Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution (as root, starting from a low-privilege user session) vulnerability. The cgi-bin/webfile_mgr.cgi file allows arbitrary file write by abusing symlinks. Specifically, this occurs by uploading a tar archive that contains a symbolic link, then uploading another archive that writes a file to the link using the "cgi_untar" command. Other commands might also be susceptible. Code can be executed because the "name" parameter passed to the cgi_unzip command is not sanitized.

23 May 2019
8.8
CVSS
CVE-2019-9950CRITICAL

Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an authentication bypass vulnerability. The login_mgr.cgi file checks credentials against /etc/shadow. However, the "nobody" account (which can be used to access the control panel API as a low-privilege logged-in user) has a default empty password, allowing an attacker to modify the My Cloud EX2 Ultra web page source code and obtain access to the My Cloud as a non-Admin My Cloud device user.

24 Apr 2019
9.8
CVSS
CVE-2018-7928MEDIUM

There is a security vulnerability which could lead to Factory Reset Protection (FRP) bypass in the MyCloud APP with the versions before 8.1.2.303 installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old account with a new one through special steps by exploit this vulnerability. As a result, the FRP function is bypassed.

9 Oct 2018
4.6
CVSS
CVE-2018-1151CRITICAL

The web server on Western Digital TV Media Player 1.03.07 and TV Live Hub 3.12.13 allow unauthenticated remote attackers to execute arbitrary code or cause denial of service via crafted HTTP requests to toServerValue.cgi.

12 Jun 2018
9.8
CVSS
CVE-2018-9148CRITICAL

Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for attackers to bypass authentication by listing a directory. NOTE: this can be exploited in conjunction with CVE-2018-7171 for remote authentication bypass within a product that uses My Cloud.

30 Mar 2018
9.8
CVSS
CVE-2017-17560CRITICALpoc

An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root.

12 Dec 2017
9.8
CVSS
CVE-2014-5876MEDIUM

The WD My Cloud (aka com.wdc.wd2go) application 4.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

11 Sep 2014
5.4
CVSS
CVE-2014-2846HIGHpoc

Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin.

28 Apr 2014
7.5
CVSS
CVE-2013-5006MEDIUMpoc

main_internet.php on the Western Digital My Net N600 and N750 with firmware 1.03.12 and 1.04.16, and the N900 and N900C with firmware 1.05.12, 1.06.18, and 1.06.28, allows remote attackers to discover the cleartext administrative password by reading the "var pass=" line within the HTML source code.

31 Jul 2013
4.3
CVSS
← PrevPage 2 / 2Next →