First published: Mon Feb 06 2023(Updated: )
Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Westerndigital My Cloud Os | <5.02.104 | |
Westerndigital My Cloud Pr4100 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-36225 is a vulnerability found in Western Digital My Cloud devices before OS5, which allows REST API access by low-privileged accounts.
CVE-2021-36225 has a severity rating of 8.8, which is considered high.
Western Digital My Cloud devices before OS5 with a version up to and excluding 5.02.104 are affected by CVE-2021-36225.
The vulnerability in CVE-2021-36225 can be exploited through API commands for firmware uploads and installation.
No, Western Digital My Cloud PR4100 devices are not affected by CVE-2021-36225.