We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300.
Reserved 2023-01-06 | Published 2023-06-30 | Updated 2024-09-09 | Assigner WDC PSIRTCWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Wil Gibbs and Arvind S Raj
www.westerndigital.com/...my-cloud-firmware-version-5-26-300
Support options