First published: Tue Oct 27 2020(Updated: )
Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Westerndigital My Cloud Firmware | <5.04.114 | |
Westerndigital My Cloud Ex4100 | ||
Westerndigital My Cloud Expert Series Ex2 | ||
Westerndigital My Cloud Mirror - Gen 2 | ||
Westerndigital My Cloud Pr2100 | ||
Westerndigital My Cloud Pr4100 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2020-27159.
The severity of CVE-2020-27159 is critical with a severity score of 9.8.
The Western Digital My Cloud NAS devices prior to version 5.04.114 are affected by CVE-2020-27159.
To fix CVE-2020-27159, update your Western Digital My Cloud NAS devices to version 5.04.114 or later.
You can find more information about CVE-2020-27159 on the following websites: [Comparitech](https://www.comparitech.com/blog/information-security/security-vulnerabilities-80000-devices-update-now/), [Western Digital Support](https://www.westerndigital.com/support/productsecurity), [Western Digital My Cloud Firmware Version 5.04.114](https://www.westerndigital.com/support/productsecurity/wdc-20007-my-cloud-firmware-version-5-04-114).