PT-2020-17066 · Western Digital · Western Digital My Cloud Os 5

Lays

Published

2020-12-01

Updated

2022-04-26

CVE-2020-28940

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Western Digital My Cloud OS 5 versions prior to 5.06.115

Description The NAS Admin dashboard has an authentication bypass issue that could allow an unauthenticated user to execute privileged commands on the device. This could potentially lead to unauthorized access and control of the device.

Recommendations For Western Digital My Cloud OS 5 versions prior to 5.06.115, update to version 5.06.115 or later to resolve the issue. As a temporary workaround, consider restricting access to the NAS Admin dashboard until the update can be applied.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2020-28940

ZDI-20-1445

Affected Products

Western Digital My Cloud Os 5

PT-2020-17066 · Western Digital · Western Digital My Cloud Os 5

CVE-2020-28940

Weakness Enumeration

Related Identifiers

Affected Products

References · 7