CRITICAL🇵🇱 Wersja polska

CVE-2021-36226

CVSS 9.8v3.1pub. 2023-02-06upd. 2025-03-26

Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Westerndigital My Cloud Os

    OS
    Westerndigital
    < 5.02.104
  • Westerndigital My Cloud Pr4100

    HW
    Westerndigital
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-22814CRITICAL10.0ten sam produkt

An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that co...

CVE-2022-36331CRITICAL10.0ten sam produkt

Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impe...

CVE-2022-29842CRITICAL9.8ten sam produkt

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could a...

CVE-2021-36224CRITICAL9.8ten sam produkt

Western Digital My Cloud devices before OS5 have a nobody account with a blank password.

CVE-2022-22995CRITICAL10.0ten sam produkt

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writi...