Description
Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
https://www.westerndigital.com/support/productsecurity
Vendor Advisory x_refsource_confirm
https://www.westerndigital.com/support/productsecurity/wdc-20007-my-cloud-firmware-version-5-04-114
Exploit, Third Party Advisory x_refsource_misc
https://www.comparitech.com/blog/information-security/security-vulnerabilities-80000-devices-update-now/
Scores
CVSS v3
9.8
EPSS
0.0595
EPSS Percentile
92.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
westerndigital/my_cloud_firmware
< 5.04.114
Published
Oct 27, 2020
Tracked Since
Feb 18, 2026