The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. By using an "SSL" context instead of "TLS" or specifying stronger validation, deprecated or insecure protocols are permitted. As a result, a local user with no privileges can exploit this vulnerability and jeopardize the integrity, confidentiality and authenticity of information transmitted. The scope of impact cannot extend to other components and no user input is required to exploit this vulnerability.
oryginał ENCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:LWesterndigital My Cloud
HWWesterndigitalwszystkie wersjeWesterndigital My Cloud Dl2100
HWWesterndigitalwszystkie wersjeWesterndigital My Cloud Dl2100 Firmware
OSWesterndigital< 5.23.114Westerndigital My Cloud Dl4100
HWWesterndigitalwszystkie wersjeWesterndigital My Cloud Dl4100 Firmware
OSWesterndigital< 5.23.114Westerndigital My Cloud Ex2100
HWWesterndigitalwszystkie wersjeWesterndigital My Cloud Ex2100 Firmware
OSWesterndigital< 5.23.114Westerndigital My Cloud Ex2 Ultra
HWWesterndigitalwszystkie wersjeWesterndigital My Cloud Ex2 Ultra Firmware
OSWesterndigital< 5.23.114Westerndigital My Cloud Ex4100
HWWesterndigitalwszystkie wersjeWesterndigital My Cloud Ex4100 Firmware
OSWesterndigital< 5.23.114Westerndigital My Cloud Firmware
OSWesterndigital< 5.23.114Westerndigital My Cloud Mirror G2
HWWesterndigitalwszystkie wersjeWesterndigital My Cloud Mirror G2 Firmware
OSWesterndigital< 5.23.114Westerndigital My Cloud Pr2100
HWWesterndigitalwszystkie wersjeWesterndigital My Cloud Pr2100 Firmware
OSWesterndigital< 5.23.114Westerndigital My Cloud Pr4100
HWWesterndigitalwszystkie wersjeWesterndigital My Cloud Pr4100 Firmware
OSWesterndigital< 5.23.114
Powiązane podatności
An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that co...
Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impe...
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could a...
Western Digital My Cloud devices before OS5 have a nobody account with a blank password.
Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files.