Western Digital My Cloud Multiple Vulnerabilities
Release Date:
24 Jan 2022
4854
Views
RISK: High Risk
TYPE: Operating Systems - Cloud & Cluster
Multiple vulnerabilities were identified in Western Digital My Cloud. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, security restriction bypass, spoofing, elevation of privilege and remote code execution on the targeted system.
Impact
- Denial of Service
- Remote Code Execution
- Spoofing
- Elevation of Privilege
- Security Restriction Bypass
System / Technologies affected
- Western Digital My Cloud PR2100 version prior to 5.19.117
- Western Digital My Cloud PR4100 version prior to 5.19.117
- Western Digital My Cloud EX4100 version prior to 5.19.117
- Western Digital My Cloud EX2 Ultra version prior to 5.19.117
- Western Digital My Cloud Mirror Gen 2 version prior to 5.19.117
- Western Digital My Cloud DL2100 version prior to 5.19.117
- Western Digital My Cloud EX2100 version prior to 5.19.117
- Western Digital My Cloud version prior to 5.19.117
- Western Digital Cloud version prior to 5.19.117
- Western Digital My Cloud EX2 version prior to 2.12.144
- Western Digital My Cloud EX4 version prior to 2.12.144
- Western Digital My Cloud Mirror version prior to 2.12.144
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117
https://www.westerndigital.com/support/product-security/wdc-22001-my-cloud-os3-firmware-2-12-144
Vulnerability Identifier
- CVE-2020-21913
- CVE-2020-25717
- CVE-2021-34798
- CVE-2021-36160
- CVE-2021-39275
- CVE-2021-40438
- CVE-2022-22989
- CVE-2022-22990
- CVE-2022-22991
Source
Related Link
Related Tags
Share with