📦 My Cloud Os

This vulnerability allows attackers to bypass authentication by spoofing tokens, enabling impersonation attacks on affected My Cloud OS 5 devices. It impacts users of these devices running firmware ve...

This vulnerability allows unauthenticated attackers to gain root access to Western Digital My Cloud network-attached storage devices by exploiting a default 'nobody' account with a blank password. It ...

Western Digital My Cloud devices running firmware before OS5 lack cryptographic signature verification for firmware updates, allowing attackers to upload and execute malicious firmware. This affects a...

CVE-2022-22989 is a critical pre-authentication stack overflow vulnerability in My Cloud OS 5's FTP service that allows unauthenticated attackers on the same network to execute arbitrary code. This af...

This CVE describes a command injection vulnerability in Western Digital My Cloud devices that allows remote attackers to execute arbitrary system commands. The vulnerability occurs when user input is ...

This CVE describes a remote code execution vulnerability in Western Digital My Cloud NAS devices where attackers can exploit insufficient verification of HTTP calls to trick the device into loading ma...

CVE-2022-22990 is an authentication bypass vulnerability in Western Digital My Cloud devices that allows attackers to bypass limited authentication checks, potentially leading to remote code execution...

Western Digital My Cloud OS 5 devices before version 5.10.122 have a symbolic link following vulnerability in SMB and AFP shares. This allows attackers to read local files (information disclosure) and...