Western Digital My Cloud PR2100 Firmware 5.25.132

CPE Details

Western Digital My Cloud PR2100 Firmware 5.25.132
westerndigital
my_cloud_pr2100_firmware
5.25.132
2023-06-21
10h25 +00:00
2023-07-29
01h09 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:o:westerndigital:my_cloud_pr2100_firmware:5.25.132:*:*:*:*:*:*:*

Informations

Vendor

westerndigital

Product

my_cloud_pr2100_firmware

Version

5.25.132

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-22817 2024-02-05 21h26 +00:00 Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing DNS addresses that refer to loopback. This issue affects My Cloud OS 5 devices before 5.27.161, My Cloud Home, My Cloud Home Duo and SanDisk ibi devices before 9.5.1-104. 
5.5
Medium
CVE-2022-29843 2023-01-25 00h00 +00:00 A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to execute code in the context of the root user.
9.8
Critical
CVE-2022-29844 2023-01-25 00h00 +00:00 A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write arbitrary files. This could lead to a full NAS compromise and would give remote execution capabilities to the attacker.
9.8
Critical
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.