Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. This can lead to code execution and information disclosure (by reading local files).
References
Link | Resource |
---|---|
https://www.westerndigital.com/support/productsecurity/wdc-21002-my-cloud-firmware-version-5-10-122 | Vendor Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-21-277/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
17 Mar 2021, 17:42
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.westerndigital.com/support/productsecurity/wdc-21002-my-cloud-firmware-version-5-10-122 - Vendor Advisory | |
References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-277/ - Third Party Advisory | |
CWE | CWE-59 | |
CPE | cpe:2.3:h:westerndigital:my_cloud_mirror_gen_2:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_os:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 7.8 |
11 Mar 2021, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Mar 2021, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-10 05:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-3310
Mitre link : CVE-2021-3310
CVE.ORG link : CVE-2021-3310
JSON object : View
Products Affected
westerndigital
- my_cloud_pr4100
- my_cloud_ex4100
- my_cloud_os
- my_cloud_dl2100
- my_cloud_dl4100
- my_cloud_pr2100
- my_cloud_mirror_gen_2
- my_cloud_ex2_ultra
- my_cloud_ex2100
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')