Search
Search Results (86 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-10705 | 1 Westerndigital | 40 Sandisk X600 Sd9sb8w-128g, Sandisk X600 Sd9sb8w-128g Firmware, Sandisk X600 Sd9sb8w-1t00 and 37 more | 2024-11-21 | 7.5 High |
| Western Digital SanDisk X600 devices in certain configurations, a vulnerability in the access control mechanism of the drive may allow data to be decrypted without knowledge of proper authentication credentials. | ||||
| CVE-2018-9148 | 1 Westerndigital | 2 My Cloud, My Cloud Firmware | 2024-11-21 | N/A |
| Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for attackers to bypass authentication by listing a directory. NOTE: this can be exploited in conjunction with CVE-2018-7171 for remote authentication bypass within a product that uses My Cloud. | ||||
| CVE-2018-7928 | 1 Westerndigital | 1 My Cloud | 2024-11-21 | N/A |
| There is a security vulnerability which could lead to Factory Reset Protection (FRP) bypass in the MyCloud APP with the versions before 8.1.2.303 installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old account with a new one through special steps by exploit this vulnerability. As a result, the FRP function is bypassed. | ||||
| CVE-2018-1151 | 1 Westerndigital | 4 Tv Live Hub, Tv Live Hub Firmware, Tv Media Player and 1 more | 2024-11-21 | N/A |
| The web server on Western Digital TV Media Player 1.03.07 and TV Live Hub 3.12.13 allow unauthenticated remote attackers to execute arbitrary code or cause denial of service via crafted HTTP requests to toServerValue.cgi. | ||||
| CVE-2018-18472 | 1 Westerndigital | 2 My Book Live, My Book Live Firmware | 2024-11-21 | N/A |
| Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device, as exploited in the wild in June 2021 for factory reset commands, | ||||
| CVE-2024-22169 | 1 Westerndigital | 1 Wd Discovery | 2024-08-05 | N/A |
| WD Discovery versions prior to 5.0.589 contain a misconfiguration in the Node.js environment settings that could allow code execution by utilizing the 'ELECTRON_RUN_AS_NODE' environment variable. Any malicious application operating with standard user permissions can exploit this vulnerability, enabling code execution within WD Discovery application's context. WD Discovery version 5.0.589 addresses this issue by disabling certain features and fuses in Electron. The attack vector for this issue requires the victim to have the WD Discovery app installed on their device. | ||||