← Back

CVE-2019-9951

nvd nist
Published: Apr 24, 2019Modified: Jun 17, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page web/jquery/uploader/uploadify.php can be accessed without any credentials, and allows uploading arbitrary files to any location on the attached storage.

Affected (9)

Western Digital
9 products
My Cloud Mirror Gen 2 Firmware
My Cloud Ex2 Ultra Firmware
My Cloud Ex2100 Firmware
My Cloud Ex4100
My Cloud Dl2100
My Cloud Dl4100 Firmware
My Cloud Pr2100 Firmware
My Cloud Pr4100
My Cloud Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
My Cloud Mirror Gen 2 Firmware
Before 2.31.174
Running on/withPlatform Versions
Western Digital
My Cloud Mirror Gen 2
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
My Cloud Ex2 Ultra Firmware
Before 2.31.174
Running on/withPlatform Versions
Western Digital
My Cloud Ex2 Ultra
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
My Cloud Ex2100 Firmware
Before 2.31.174
Running on/withPlatform Versions
Western Digital
My Cloud Ex2100
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
My Cloud Ex4100
Before 2.31.174
Running on/withPlatform Versions
Western Digital
My Cloud Ex4100
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
My Cloud Dl2100
Before 2.31.174
Running on/withPlatform Versions
Western Digital
My Cloud Dl2100
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
My Cloud Dl4100 Firmware
Before 2.31.174
Running on/withPlatform Versions
Western Digital
My Cloud Dl4100
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
My Cloud Pr2100 Firmware
Before 2.31.174
Running on/withPlatform Versions
Western Digital
My Cloud Pr2100
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
My Cloud Pr4100
Before 2.31.174
Running on/withPlatform Versions
Western Digital
My Cloud Pr4100
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
My Cloud Firmware
Before 2.31.174
Running on/withPlatform Versions
Western Digital
My Cloud
All versions

Related CWEs

CWE-434
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (8)

Source: cve@mitre.org
Source: cve@mitre.org
Release NotesThird Party Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.