← Back

CVE-2021-3310

nvd nist
Published: Mar 10, 2021Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. This can lead to code execution and information disclosure (by reading local files).

Affected (1)

Westerndigital
1 product
My Cloud Os
Configuration A
1 vulnerable · 8 platform
Vulnerable SoftwareAffected Versions
My Cloud Os
Before 5.10.122
Running on/withPlatform Versions
Westerndigital
My Cloud Dl2100
All versions
Westerndigital
My Cloud Dl4100
All versions
Westerndigital
My Cloud Ex2100
All versions
Westerndigital
My Cloud Ex2 Ultra
All versions
Westerndigital
My Cloud Ex4100
All versions
Westerndigital
My Cloud Mirror Gen 2
All versions
Westerndigital
My Cloud Pr2100
All versions
Westerndigital
My Cloud Pr4100
All versions

Related CWEs

CWE-59
Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (4)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.