First published: Tue Oct 27 2020(Updated: )
Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input.in Western Digital My Cloud Devices prior to 5.4.1140.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Westerndigital My Cloud Firmware | <5.04.114 | |
Westerndigital My Cloud Ex4100 | ||
Westerndigital My Cloud Expert Series Ex2 | ||
Westerndigital My Cloud Mirror - Gen 2 | ||
Westerndigital My Cloud Pr2100 | ||
Westerndigital My Cloud Pr4100 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-25765 is a remote code execution vulnerability in reg_device.php in Western Digital My Cloud Devices prior to 5.4.1140.
CVE-2020-25765 has a severity score of 9.8, which is classified as critical.
CVE-2020-25765 affects Western Digital My Cloud Devices prior to version 5.4.1140 by allowing remote code execution due to insufficient validation of user input in reg_device.php.
The Common Vulnerability Enumeration (CVE) identifier for this vulnerability is CVE-2020-25765.
To fix CVE-2020-25765, it is recommended to update Western Digital My Cloud Devices to version 5.4.1140 or later.