First published: Tue Dec 01 2020(Updated: )
On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Western Digital MyCloud PR4100 | ||
Westerndigital My Cloud Os 5 | <5.06.115 | |
Westerndigital My Cloud Ex2 Ultra | ||
Westerndigital My Cloud Ex4100 | ||
Westerndigital My Cloud Mirror Gen 2 | ||
Westerndigital My Cloud Pr2100 | ||
Westerndigital My Cloud Pr4100 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-28940 is a vulnerability that allows network-adjacent attackers to bypass authentication on affected installations of Western Digital MyCloud PR4100.
CVE-2020-28940 has a severity rating of 9.8 (Critical).
The existing authentication mechanism in CVE-2020-28940 can be bypassed by network-adjacent attackers.
CVE-2020-28940 affects Western Digital MyCloud PR4100.
Yes, Western Digital has released a firmware update (version 5.06.115) to address CVE-2020-28940. Users should update their firmware to the latest version.