Vulnerability Description
An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. They allow remote code execution with resultant escalation of privileges.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Westerndigital | My Cloud Firmware | < 5.04.114 |
| Westerndigital | My Cloud Ex2 Ultra | - |
| Westerndigital | My Cloud Ex4100 | - |
| Westerndigital | My Cloud Mirror Gen2 | - |
| Westerndigital | My Cloud Pr2100 | - |
| Westerndigital | My Cloud Pr4100 | - |
Related Weaknesses (CWE)
References
- https://www.comparitech.com/blog/information-security/security-vulnerabilities-8ExploitThird Party Advisory
- https://www.westerndigital.com/support/productsecurity/wdc-20007-my-cloud-firmwaVendor Advisory
- https://www.comparitech.com/blog/information-security/security-vulnerabilities-8ExploitThird Party Advisory
- https://www.westerndigital.com/support/productsecurity/wdc-20007-my-cloud-firmwaVendor Advisory
FAQ
What is CVE-2020-27744?
CVE-2020-27744 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. They allow remote code execution with resultant escalation of privileges.
How severe is CVE-2020-27744?
CVE-2020-27744 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-27744?
Check the references section above for vendor advisories and patch information. Affected products include: Westerndigital My Cloud Firmware, Westerndigital My Cloud Ex2 Ultra, Westerndigital My Cloud Ex4100, Westerndigital My Cloud Mirror Gen2, Westerndigital My Cloud Pr2100.