First published: Tue Dec 01 2020(Updated: )
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie, because of insufficient validation of URI paths.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Western Digital MyCloud PR4100 | ||
Westerndigital My Cloud Os 5 | <5.06.115 | |
Westerndigital My Cloud Ex2 Ultra | ||
Westerndigital My Cloud Ex4100 | ||
Westerndigital My Cloud Mirror Gen 2 | ||
Westerndigital My Cloud Pr2100 | ||
Westerndigital My Cloud Pr4100 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-28971 is a vulnerability that allows network-adjacent attackers to bypass authentication on affected installations of Western Digital MyCloud PR4100.
CVE-2020-28971 has a severity rating of 9.8, indicating a critical vulnerability.
The affected software version is Western Digital MyCloud OS 5 up to version 5.06.115.
The existing authentication mechanism can be bypassed.
Yes, Western Digital has released firmware version 5.06.115 to address the vulnerability.