CVE-2020-27159 – Addressed remote code execution vulnerability in DsdkProxy.php due to ins

Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114

 

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27159

Reference (s):

• https://www.westerndigital.com/support/productsecurity/wdc-20007-my-cloud-firmware-version-5-04-114
• https://www.comparitech.com/blog/information-security/security-vulnerabilities-80000-devices-update-now/
• https://www.westerndigital.com/support/productsecurity