Mycloud Nas
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-10108 | Cri | 0.74 | 9.8 | 0.95 | Jan 3, 2017 | Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data. | ||
| CVE-2016-10107 | Cri | 0.65 | 9.8 | 0.11 | Jan 3, 2017 | Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header. | ||
| CVE-2020-27744 | 0.01 | — | 0.06 | Oct 29, 2020 | An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. They allow remote code execution with resultant escalation of privileges. | |||
| CVE-2020-27159 | 0.01 | — | 0.06 | Oct 27, 2020 | Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114 | |||
| CVE-2020-27158 | 0.01 | — | 0.07 | Oct 27, 2020 | Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114. |
- risk 0.74cvss 9.8epss 0.95
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data.
- risk 0.65cvss 9.8epss 0.11
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header.
- CVE-2020-27744Oct 29, 2020risk 0.01cvss —epss 0.06
An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. They allow remote code execution with resultant escalation of privileges.
- CVE-2020-27159Oct 27, 2020risk 0.01cvss —epss 0.06
Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114
- CVE-2020-27158Oct 27, 2020risk 0.01cvss —epss 0.07
Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114.