CVE-2020-27158: OS Command Injection
First published: Tue Oct 27 2020(Updated: )
Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Westerndigital My Cloud Firmware | <5.04.114 | |
| Westerndigital My Cloud Ex4100 | ||
| Westerndigital My Cloud Expert Series Ex2 | ||
| Westerndigital My Cloud Mirror - Gen 2 | ||
| Westerndigital My Cloud Pr2100 | ||
| Westerndigital My Cloud Pr4100 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-27158.
What is the severity of CVE-2020-27158?
The severity of CVE-2020-27158 is critical with a score of 9.8.
Which devices are affected by this vulnerability?
This vulnerability affects Western Digital My Cloud NAS devices prior to version 5.04.114.
How can I fix CVE-2020-27158?
To fix CVE-2020-27158, make sure to update your Western Digital My Cloud NAS device to version 5.04.114 or later.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability on the Western Digital support website.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/westerndigital
- canonical/westerndigital my cloud firmware
- canonical/westerndigital my cloud ex4100
- canonical/westerndigital my cloud expert series ex2
- canonical/westerndigital my cloud mirror - gen 2
- canonical/westerndigital my cloud pr2100
- canonical/westerndigital my cloud pr4100