
Test ID:
Category: Web application abuses
Title: Western Digital My Cloud Multiple Products < 2.12.127 / 2.20 - 2.30 < 2.31.149 Multiple Vulnerabilities
Summary: Multiple Western Digital My Cloud products are prone to multiple vulnerabilities.

Vulnerability Insight:
The following issues have been addressed:

- Resolved multiple command injection vulnerabilities including CVE-2016-10108 and CVE-2016-10107

- Resolved multiple cross-site request forgery (CSRF) vulnerabilities

- Resolved a Linux kernel Dirty Cow vulnerability (CVE-2016-5195)

- Resolved multiple denial-of-service vulnerabilities

- Improved security by disabling SSH shadow information

- Resolved a buffer overflow issue that could lead to unauthenticated access

- Resolved a click-jacking vulnerability in the web interface

- Resolved multiple security issues in the Webfile viewer on-device app

- Improved the security of volume mount options

- Resolved multiple security issues in the EULA onboarding flow

- Resolved leakage of debug messages in the web interface

- Improved credential handling for the remote MyCloud-to-MyCloud backup feature

- Improved credential handling for upload-logs-to-support option

Additionally, the following components received an update containing security fixes:

- Apache v2.4.34

- PHP v5.4.45

- OpenSSH v7.5p1

- OpenSSL v1.0.1u

- libupnp v1.6.25 (CVE-2012-5958)

- jQuery v3.3.1 (CVE-2010-5312)

- Rsync v3.0.7

Affected Software/OS:
Western Digital My Cloud with firmware versions prior to 2.12.127
and 2.2 - 2.3 versions prior to 2.31.149.

Update to firmware version 2.12.127, 2.31.149 or later.

Note: Some My Cloud products are already end-of-life and no longer receive any updates.

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-5195
BugTraq ID: 93793
CERT/CC vulnerability note: VU#243144
RedHat Security Advisories: RHSA-2016:2098
RedHat Security Advisories: RHSA-2016:2105
RedHat Security Advisories: RHSA-2016:2106
RedHat Security Advisories: RHSA-2016:2107
RedHat Security Advisories: RHSA-2016:2110
RedHat Security Advisories: RHSA-2016:2118
RedHat Security Advisories: RHSA-2016:2120
RedHat Security Advisories: RHSA-2016:2124
RedHat Security Advisories: RHSA-2016:2126
RedHat Security Advisories: RHSA-2016:2127
RedHat Security Advisories: RHSA-2016:2128
RedHat Security Advisories: RHSA-2016:2132
RedHat Security Advisories: RHSA-2016:2133
RedHat Security Advisories: RHSA-2017:0372
SuSE Security Announcement: openSUSE-SU-2020:0554
Common Vulnerability Exposure (CVE) ID: CVE-2012-5958
BugTraq ID: 57602
CERT/CC vulnerability note: VU#922681
Cisco Security Advisory: 20130129 Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities
Debian Security Information: DSA-2614
Debian Security Information: DSA-2615
SuSE Security Announcement: openSUSE-SU-2013:0255
Common Vulnerability Exposure (CVE) ID: CVE-2010-5312
BugTraq ID: 71106
Debian Security Information: DSA-3249
RedHat Security Advisories: RHSA-2015:0442
RedHat Security Advisories: RHSA-2015:1462
XForce ISS Database: jqueryui-cve20105312-xss(98696)
Copyright: Copyright (C) 2020 Greenbone Networks GmbH


© 1998-2020 E-Soft Inc. All rights reserved.