westerndigital my_cloud CVE Vulnerabilities (2)

CVEs: 2 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting westerndigital my_cloud (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 12 of 2 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2023-22813 A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a permissive CORS policy and missing authentication requirement for private IPs, a remote attacker on the same network as the device could obtain device information by convincing a victim user to visit an attacker- [email protected] 3.3 0.46% 2023-05-08 2026-06-17
CVE-2018-7928 There is a security vulnerability which could lead to Factory Reset Protection (FRP) bypass in the MyCloud APP with the versions before 8.1.2.303 installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old account with a new one through special steps by exploit this vulnerability. As a result, the FRP function is bypassed. [email protected] 4.6 0.34% 2018-10-09 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence