Abdulla Ismayilov

**Name of the Vulnerable Software and Affected Versions** Western Digital My Cloud NAS devices versions prior to 5.04.114 **Description** An issue was discovered that allows remote code execution with resultant escalation of privileges. **Recommendations** For versions prior to 5.04.114, update to version 5.04.114 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Western Digital My Cloud Devices versions prior to 5.4.1140 **Description** The issue is related to a remote code execution vulnerability due to insufficient validation of user input in the reg device.php file. This vulnerability can be exploited, potentially allowing unauthorized access and control. **Recommendations** For versions prior to 5.4.1140, update to version 5.4.1140 or later to resolve the issue. As a temporary workaround, consider restricting access to the reg device.php file until a patch is applied. Avoid using the vulnerable reg device.php file in Western Digital My Cloud Devices until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Western Digital My Cloud NAS devices versions prior to 5.04.114 Description: The issue is related to a remote code execution vulnerability in the `cgi api.php` component of Western Digital My Cloud NAS devices. This vulnerability is associated with insecure privilege management, which can be exploited by a remote attacker to execute arbitrary code, thereby escalating privileges. Recommendations: For versions prior to 5.04.114, update to version 5.04.114 or later to resolve the issue. As a temporary workaround, consider restricting access to the `cgi api.php` component until a patch is applied.

Name of the Vulnerable Software and Affected Versions: Western Digital My Cloud NAS versions prior to 5.04.114 Description: The issue is related to insecure privilege management in the AvailableApps.php component of Western Digital MyCloud NAS microprogram software. It allows a remote attacker to execute arbitrary code, enabling escalation of privileges. Recommendations: For versions prior to 5.04.114, update to version 5.04.114 or later to resolve the issue. As a temporary workaround, consider restricting access to the AvailableApps.php component until a patch is applied.