Authentication Bypass Vulnerability in Western Digital My Cloud OS 5 Devices

Authentication Bypass Vulnerability in Western Digital My Cloud OS 5 Devices

CVE-2020-28940 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device.

Learn more about our Cloud Audit.