Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HWesterndigital My Cloud
HWWesterndigitalwszystkie wersjeWesterndigital My Cloud Dl2100
HWWesterndigitalwszystkie wersjeWesterndigital My Cloud Dl2100 Firmware
OSWesterndigital< 5.25.132Westerndigital My Cloud Dl4100
HWWesterndigitalwszystkie wersjeWesterndigital My Cloud Dl4100 Firmware
OSWesterndigital< 5.25.132Westerndigital My Cloud Ex2100
HWWesterndigitalwszystkie wersjeWesterndigital My Cloud Ex2100 Firmware
OSWesterndigital< 5.25.132Westerndigital My Cloud Ex2 Ultra
HWWesterndigitalwszystkie wersjeWesterndigital My Cloud Ex2 Ultra Firmware
OSWesterndigital< 5.25.132Westerndigital My Cloud Ex4100
HWWesterndigitalwszystkie wersjeWesterndigital My Cloud Ex4100 Firmware
OSWesterndigital< 5.25.132Westerndigital My Cloud Firmware
OSWesterndigital< 5.25.132Westerndigital My Cloud Home
HWWesterndigitalwszystkie wersjeWesterndigital My Cloud Home Duo
HWWesterndigitalwszystkie wersjeWesterndigital My Cloud Home Duo Firmware
OSWesterndigital< 8.13.1-102Westerndigital My Cloud Home Firmware
OSWesterndigital< 8.13.1-102Westerndigital My Cloud Mirror G2
HWWesterndigitalwszystkie wersjeWesterndigital My Cloud Mirror G2 Firmware
OSWesterndigital< 5.25.132Westerndigital My Cloud Pr2100
HWWesterndigitalwszystkie wersjeWesterndigital My Cloud Pr2100 Firmware
OSWesterndigital< 5.25.132Westerndigital My Cloud Pr4100
HWWesterndigitalwszystkie wersjeWesterndigital My Cloud Pr4100 Firmware
OSWesterndigital< 5.25.132Westerndigital Sandisk Ibi
HWWesterndigitalwszystkie wersjeWesterndigital Sandisk Ibi Firmware
OSWesterndigital< 8.13.1-102
Related vulnerabilities
An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that co...
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could a...
Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files.
Western Digital My Cloud devices before OS5 have a nobody account with a blank password.
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writi...