Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Western Digital — Vulnerabilities & Security Advisories 44

Browse all 44 CVE security advisories affecting Western Digital. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Western Digital manufactures data storage solutions, including hard drives, solid-state drives, and network-attached storage devices, serving both consumer and enterprise markets. The company’s product portfolio, particularly its NAS and cloud-connected storage units, has historically been associated with numerous security flaws. Recorded vulnerabilities frequently involve remote code execution, cross-site scripting, and privilege escalation, often stemming from insecure web interfaces or firmware components. These weaknesses allow attackers to potentially gain unauthorized access to stored data or compromise the underlying device. While specific major public breaches are less documented compared to larger software vendors, the high volume of Common Vulnerabilities and Exposures indicates persistent challenges in securing embedded systems and web management consoles. Maintaining robust firmware updates and secure configuration practices remains critical for mitigating risks associated with these storage appliances.

Top products by Western Digital: My Cloud My Cloud OS 5 My Cloud Home My Cloud Home and My Cloud Home Duo Sweet B Library WD Discovery TV Media Player EdgeRover My Cloud OS 5 Mobile App My Cloud Home web app
CVE IDTitleCVSSSeverityPublished
CVE-2025-30248 Western Digital WD Discovery 安全漏洞 — WD DiscoveryCWE-427 7.8AIHighAI2026-01-26
CVE-2025-30247 Western Digital My Cloud 安全漏洞 — My CloudCWE-78 9.8AICriticalAI2025-09-29
CVE-2024-22170 Unchecked buffer in Dynamic DNS client — My CloudCWE-119 9.8AICriticalAI2024-09-27
CVE-2024-22169 Misconfiguration in node.js causing a code execution in WD Discovery — WD DiscoveryCWE-94 7.3AIHighAI2024-08-02
CVE-2024-22168 Cross-Site Scripting (XSS) vulnerability on Western Digital My Cloud and SanDisk ibi Web Apps — My Cloud Home web appCWE-79 5.4AIMediumAI2024-06-24
CVE-2023-22819 Uncontrolled resource consumption vulnerability in Western Digital My Cloud, My Cloud Home and SanDisk ibi products — My Cloud OS 5CWE-770 4.9 Medium2024-02-05
CVE-2023-22817 Server-side Request Forgery vulnerability in Western Digital My Cloud, My Cloud Home and SanDisk ibi products — My Cloud OS 5CWE-918 5.5 Medium2024-02-05
CVE-2023-22814 Authentication Bypass issue in My Cloud OS 5 devices — My Cloud OS 5CWE-290 10.0 Critical2023-06-30
CVE-2023-22815 Post-authentication remote command injection vulnerability on Western Digital My Cloud OS 5 devices — My Cloud OS 5CWE-78 6.2 Medium2023-06-30
CVE-2023-22816 Limited Post-Authentication Remote Command Injection in My Cloud Products — My Cloud OS 5CWE-78 6.0 Medium2023-06-30
CVE-2022-36331 Impersonation attack causing an Authentication Bypass on Western Digital devices — My Cloud OS 5CWE-290 10.0 Critical2023-06-12
CVE-2022-36328 Path Traversal Vulnerability leading to an arbitrary file read in Western Digital devices — My Cloud Home and My Cloud Home DuoCWE-22 5.8 Medium2023-05-18
CVE-2022-36327 Path traversal vulnerability leading to an arbitrary file write in Western Digital devices — My Cloud Home and My Cloud Home DuoCWE-22 5.8 Medium2023-05-18
CVE-2022-36326 Resource Exhaustion Vulnerability in Western Digital devices — My Cloud Home and My Cloud Home DuoCWE-400 4.4 Medium2023-05-18
CVE-2022-29840 Server Side Request Forgery Vulnerability in Western Digital My Cloud Devices — My Cloud OS 5CWE-918 5.1 Medium2023-05-10
CVE-2022-29841 OS Command Injection vulnerability in Western Digital My Cloud devices — My Cloud OS 5CWE-78 8.0 High2023-05-10
CVE-2022-29842 Command Injection Vulnerability in Western Digital My Cloud devices — My Cloud OS 5CWE-77 9.8 Critical2023-05-10
CVE-2022-36329 Denial of Service over OTA mechanism in Western Digital My Cloud Home and ibi devices — My Cloud Home and My Cloud Home DuoCWE-400 4.4 Medium2023-05-10
CVE-2022-36330 Buffer Overflow Vulnerability in Western Digital My Cloud Home and ibi devices — My Cloud Home and My Cloud Home DuoCWE-120 1.9 Low2023-05-09
CVE-2023-22813 Device API endpoint missing access controls on Western Digital Mobile and Web Apps — My Cloud OS 5 Mobile AppCWE-200 3.3 Low2023-05-08
CVE-2022-29843 Western Digital My Cloud OS 5 devices Command Injection Vulnerability — My CloudCWE-78 6.2 Medium2023-01-25
CVE-2022-29844 Western Digital My Cloud OS 5 arbitrary file read and write vulnerability via ftp — My CloudCWE-23 6.7 Medium2023-01-25
CVE-2022-29839 Remote Backups Application Discloses Stored Credentials — My CloudCWE-522 4.1 Medium2022-12-09
CVE-2022-29838 Authentication issue with the encrypted volumes and auto mount feature in My Cloud devices — My CloudCWE-287 4.3 Medium2022-12-09
CVE-2022-29837 Path traversal Vulnerability in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi Devices — My Cloud HomeCWE-22 4.7 Medium2022-12-01
CVE-2022-29836 Post-Auth Path Traversal Vulnerability Allows to Custom Package Installation via HTTP API — My Cloud HomeCWE-22 1.9 Low2022-11-09
CVE-2022-23006 Buffer Overflow Vulnerability in Western Digital My Cloud Home Products and SanDisk ibi — My Cloud HomeCWE-121 1.8 Low2022-09-27
CVE-2022-29835 WD Discovery's Use of Weak Hashing Algorithm for Code Signing — WD DiscoveryCWE-328 5.3 Medium2022-09-19
CVE-2022-23004 Algorithm incorrectly returning error and Invalid unreduced value written to output buffer — Sweet B LibraryCWE-707 5.3 Medium2022-07-29
CVE-2022-23003 Shared secret or Point multiplication of NIST P-256 points with X coordinate of zero — Sweet B LibraryCWE-703 5.3 Medium2022-07-29

This page lists every published CVE security advisory associated with Western Digital. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.