CRITICAL🇵🇱 Wersja polska

CVE-2023-22814

CVSS 10.0v3.1pub. 2023-07-01upd. 2024-11-21

An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: before 5.26.202.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
  • Westerndigital My Cloud

    HW
    Westerndigital
    wszystkie wersje
  • Westerndigital My Cloud Dl2100

    HW
    Westerndigital
    wszystkie wersje
  • Westerndigital My Cloud Dl4100

    HW
    Westerndigital
    wszystkie wersje
  • Westerndigital My Cloud Ex2100

    HW
    Westerndigital
    wszystkie wersje
  • Westerndigital My Cloud Ex2 Ultra

    HW
    Westerndigital
    wszystkie wersje
  • Westerndigital My Cloud Ex4100

    HW
    Westerndigital
    wszystkie wersje
  • Westerndigital My Cloud Mirror G2

    HW
    Westerndigital
    wszystkie wersje
  • Westerndigital My Cloud Os

    OS
    Westerndigital
    5.02.104 – 5.26.202 (bez)
  • Westerndigital My Cloud Pr2100

    HW
    Westerndigital
    wszystkie wersje
  • Westerndigital My Cloud Pr4100

    HW
    Westerndigital
    wszystkie wersje
  • Westerndigital Wd Cloud

    HW
    Westerndigital
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2022-36331CRITICAL10.0ten sam produkt

Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impe...

CVE-2022-29842CRITICAL9.8ten sam produkt

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could a...

CVE-2021-36226CRITICAL9.8ten sam produkt

Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files.

CVE-2021-36224CRITICAL9.8ten sam produkt

Western Digital My Cloud devices before OS5 have a nobody account with a blank password.

CVE-2022-22995CRITICAL10.0ten sam produkt

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writi...