Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Western Digital My Cloud Multiple Products < 2.31.183 Multiple Vulnerabilities
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Multiple Western Digital My Cloud products are prone to multiple vulnerabilities.
Insight
Insight
The following issues have been addressed: - Apache updated to version 2.4.38 (CVE-2019-0211) - Webfile viewer disabled for non-admin users (CVE-2019-9949) - Removed remember-me mechanism from login page - Resolved authenticated arbitrary file operation and authenticated command injection vulnerabilities - Added protection against file patht raversal - Resolved authentication bypass vulnerability - Mitigation added for user session hijacking - Added protection against cookie modification vulnerabilities
Affected Software
Affected Software
Western Digital My Cloud with firmware versions prior to 2.31.183.
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
Update to firmware version 2.31.183 or later. Note: Some My Cloud products are already end-of-life and doesn't receive any updates anymore.