Western Digital · Western Digital My Cloud Os 5 · CVE-2020-28971
**Name of the Vulnerable Software and Affected Versions**
Western Digital My Cloud OS 5 versions prior to 5.06.115
**Description**
An issue was discovered that could allow an unauthenticated user to execute privileged commands on the device via a cookie, because of insufficient validation of URI paths. This is due to a NAS Admin authentication bypass, which could be exploited by an unauthenticated user.
**Recommendations**
For Western Digital My Cloud OS 5 versions prior to 5.06.115, update to version 5.06.115 or later to resolve the issue. As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation.