CVE-2021-3310

HIGH

Western Digital My Cloud OS < 5.10.122 - Symbolic Link Following via SMB and AFP Shares

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-3310. PoCs published by piffd0s.

AI-analyzed exploit summary This repository contains functional exploit code for CVE-2021-3310, an information disclosure vulnerability in Western Digital MyCloud PR4100. The exploit leverages symbolic link manipulation and session leakage to enable SSH access with a hardcoded password.

Description

Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. This can lead to code execution and information disclosure (by reading local files).

Exploits (1)

nomisec WORKING POC 1 stars
by piffd0s · poc
https://github.com/piffd0s/CVE-2021-3310

This repository contains functional exploit code for CVE-2021-3310, an information disclosure vulnerability in Western Digital MyCloud PR4100. The exploit leverages symbolic link manipulation and session leakage to enable SSH access with a hardcoded password.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Western Digital MyCloud PR4100 (OS 3, patched in OS 5)
No auth needed
Prerequisites: Network access to the target device · AFP and SMB shares accessible
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 7.8
EPSS 0.0114
EPSS Percentile 78.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-59
Status published
Products (1)
westerndigital/my_cloud_os < 5.10.122
Published Mar 10, 2021
Tracked Since Feb 18, 2026