Mrakhmanov

**Name of the Vulnerable Software and Affected Versions** Western Digital My Cloud devices (affected versions not specified) **Description** A remote code execution issue was discovered, allowing an attacker to trick a NAS device into loading through an unsecured HTTP call due to insufficient verification of calls to the device. The vulnerability was addressed by disabling checks for internet connectivity using HTTP. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Western Digital MyCloud PR4100 (affected versions not specified) **Description** A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. The issue was addressed by disabling checks for internet connectivity using HTTP. **Recommendations** To resolve the issue, disable checks for internet connectivity using HTTP. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NETGEAR RAX40 versions prior to 1.0.3.80 **Description** The issue is related to the incorrect configuration of security settings. **Recommendations** For versions prior to 1.0.3.80, update to version 1.0.3.80 or later to resolve the issue.