Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Western Digital — Vulnerabilities & Security Advisories 44

Browse all 44 CVE security advisories affecting Western Digital. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Western Digital manufactures data storage solutions, including hard drives, solid-state drives, and network-attached storage devices, serving both consumer and enterprise markets. The company’s product portfolio, particularly its NAS and cloud-connected storage units, has historically been associated with numerous security flaws. Recorded vulnerabilities frequently involve remote code execution, cross-site scripting, and privilege escalation, often stemming from insecure web interfaces or firmware components. These weaknesses allow attackers to potentially gain unauthorized access to stored data or compromise the underlying device. While specific major public breaches are less documented compared to larger software vendors, the high volume of Common Vulnerabilities and Exposures indicates persistent challenges in securing embedded systems and web management consoles. Maintaining robust firmware updates and secure configuration practices remains critical for mitigating risks associated with these storage appliances.

Top products by Western Digital: My Cloud My Cloud OS 5 My Cloud Home My Cloud Home and My Cloud Home Duo Sweet B Library WD Discovery TV Media Player EdgeRover My Cloud OS 5 Mobile App My Cloud Home web app
CVE IDTitleCVSSSeverityPublished
CVE-2022-23002 Point Compression/Decompression of NIST P-256 points with X coordinate of zero — Sweet B LibraryCWE-703 5.3 Medium2022-07-29
CVE-2022-23001 Sweet-B Library: Point compress/decompress using the wrong bit for sign — Sweet B LibraryCWE-682 5.3 Medium2022-07-29
CVE-2022-22999 Cross-site Scripting Vulnerability in USB Backups App — My CloudCWE-79 8.2 High2022-07-25
CVE-2022-23000 Weak Default SSL use in Port Forwarding Service — My CloudCWE-757 7.3 High2022-07-25
CVE-2022-22997 Command Injection Vulnerability on My Cloud Home — My Cloud HomeCWE-78 6.8 Medium2022-07-12
CVE-2022-22998 Protecting AWS credentials stored in plaintext on My Cloud Home — My Cloud HomeCWE-522 8.0 High2022-07-12
CVE-2022-22995 Western Digital My Cloud OS 5 and My Cloud Home Unauthenticated Arbitrary File Write Vulnerability in Netatalk — My CloudCWE-59 10.0 Critical2022-03-25
CVE-2022-22994 Insufficient Verification of Data Authenticity Remote Code Execution Vulnerability on Western Digital My Cloud devices. — My CloudCWE-345 8.8 High2022-01-28
CVE-2022-22993 Limited Server-Side Request Forgery vulnerability on Western Digital My Cloud devices. — My CloudCWE-918 7.8 High2022-01-28
CVE-2022-22988 Insecure file and directory permissions on EdgeRover — EdgeRoverCWE-275 7.7 High2022-01-13
CVE-2022-22990 Limited authentication bypass vulnerability on Western Digital My Cloud devices — My CloudCWE-287 7.8 High2022-01-13
CVE-2022-22991 Command injection through unsecured HTTP calls on Western Digital My Cloud devices — My CloudCWE-78 7.8 High2022-01-13
CVE-2022-22989 Pre-authenticated stack overflow vulnerability on FTP Service — My CloudCWE-121 9.8 Critical2022-01-13
CVE-2018-1151 Western Digital TV Media Player和TV Live Hub 安全漏洞 — TV Media Player 9.8 -2018-06-12

This page lists every published CVE security advisory associated with Western Digital. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.