Western Digital My Cloud
Approved changes feed: RSS · Atom
cpe:2.3:h:westerndigital:my_cloud:-:*:*:*:-:*:*:*
part: h version: - update: *
| Vendor | Westerndigital (31f3ce61-d65f-59c0-8a6e-4a83464a1be1) |
|---|---|
| Product | My Cloud (99c0e2ad-9291-5116-ba89-59ae766643cf) |
| Edition | * |
| Language | * |
| Software edition | - |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-22994 |
not_vulnerable | 2026-06-03 14:46:26.064425 |
Insufficient Verification of Data Authenticity Remote Code Execution Vulnerability on Western Digital My Cloud devices.
HIGH (8.8)
A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an attacker could trick a NAS device into loading through an unsecured HTTP call. This was a result insufficient verification of calls to the device. The vulnerability was addressed by disabling checks for internet connectivity using HTTP.
Published: 2022-01-28T19:35:05.000Z
Updated: 2024-08-03T03:28:42.734Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-22993 |
not_vulnerable | 2026-06-03 14:46:26.063800 |
Limited Server-Side Request Forgery vulnerability on Western Digital My Cloud devices.
HIGH (7.8)
A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls. The vulnerability was addressed by creating a whitelist for valid parameters.
Published: 2022-01-28T19:09:29.000Z
Updated: 2024-08-03T03:28:43.023Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-22992 |
not_vulnerable | 2026-06-03 14:46:26.063056 |
Command Injection Remote Code Execution vulnerability on Western Digital My Cloud devices.
HIGH (7.8)
A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. The vulnerability was addressed by escaping individual arguments to shell functions coming from user input.
Published: 2022-01-28T19:35:04.000Z
Updated: 2024-08-03T03:28:42.853Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.