Vulnerability Description
Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Westerndigital | My Cloud Firmware | < 5.04.114 |
| Westerndigital | My Cloud Ex4100 | - |
| Westerndigital | My Cloud Expert Series Ex2 | - |
| Westerndigital | My Cloud Mirror - Gen 2 | - |
| Westerndigital | My Cloud Pr2100 | - |
| Westerndigital | My Cloud Pr4100 | - |
Related Weaknesses (CWE)
References
- https://www.comparitech.com/blog/information-security/security-vulnerabilities-8 (Exploit, Third Party Advisory)
- https://www.westerndigital.com/support/productsecurity (Vendor Advisory)
- https://www.westerndigital.com/support/productsecurity/wdc-20007-my-cloud-firmwa (Vendor Advisory)
FAQ
What is CVE-2020-27159?
CVE-2020-27159 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114.
How severe is CVE-2020-27159?
CVE-2020-27159 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-27159?
Check the references section above for vendor advisories and patch information. Affected products include: Westerndigital My Cloud Firmware, Westerndigital My Cloud Ex4100, Westerndigital My Cloud Expert Series Ex2, Westerndigital My Cloud Mirror - Gen 2, Westerndigital My Cloud Pr2100.