First published: Tue Oct 27 2020(Updated: )
Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Westerndigital My Cloud Firmware | <5.04.114 | |
Westerndigital My Cloud Ex4100 | ||
Westerndigital My Cloud Expert Series Ex2 | ||
Westerndigital My Cloud Mirror - Gen 2 | ||
Westerndigital My Cloud Pr2100 | ||
Westerndigital My Cloud Pr4100 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2020-27158.
The severity of CVE-2020-27158 is critical with a score of 9.8.
This vulnerability affects Western Digital My Cloud NAS devices prior to version 5.04.114.
To fix CVE-2020-27158, make sure to update your Western Digital My Cloud NAS device to version 5.04.114 or later.
You can find more information about this vulnerability on the Western Digital support website.