VYPR

Mycloud Nas

by Westerndigital

CVEs (5)

  • CVE-2016-10108CriJan 3, 2017
    risk 0.74cvss 9.8epss 0.95

    Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data.

  • CVE-2016-10107CriJan 3, 2017
    risk 0.65cvss 9.8epss 0.11

    Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header.

  • CVE-2020-27744Oct 29, 2020
    risk 0.01cvss epss 0.06

    An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. They allow remote code execution with resultant escalation of privileges.

  • CVE-2020-27159Oct 27, 2020
    risk 0.01cvss epss 0.06

    Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114

  • CVE-2020-27158Oct 27, 2020
    risk 0.01cvss epss 0.07

    Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114.