CVE-2021-36225
First published: Mon Feb 06 2023(Updated: )
Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Westerndigital My Cloud Os | <5.02.104 | |
| Westerndigital My Cloud Pr4100 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-36225?
CVE-2021-36225 is a vulnerability found in Western Digital My Cloud devices before OS5, which allows REST API access by low-privileged accounts.
How severe is CVE-2021-36225?
CVE-2021-36225 has a severity rating of 8.8, which is considered high.
Which software versions are affected by CVE-2021-36225?
Western Digital My Cloud devices before OS5 with a version up to and excluding 5.02.104 are affected by CVE-2021-36225.
How can the vulnerability in CVE-2021-36225 be exploited?
The vulnerability in CVE-2021-36225 can be exploited through API commands for firmware uploads and installation.
Are Western Digital My Cloud PR4100 devices affected by CVE-2021-36225?
No, Western Digital My Cloud PR4100 devices are not affected by CVE-2021-36225.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/author
- agent/remedy
- agent/softwarecombine
- agent/description
- agent/tags
- agent/event
- agent/first-publish-date
- vendor/westerndigital
- canonical/westerndigital my cloud os
- canonical/westerndigital my cloud pr4100