CVE-2021-3310
7.8 HIGHWestern Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares
Published: 2021-03-10 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 7.8 HIGH
- Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-59
Affected products
| Vendor | Product |
|---|---|
| westerndigital | my_cloud_os |
Description
Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. This can lead to code execution and information disclosure (by reading local files).
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-3310
- [Vendor advisory]https://www.westerndigital.com/support/productsecurity/wdc-21002-my-cloud-firmware-version-5-10-122
- [Other]https://www.zerodayinitiative.com/advisories/ZDI-21-277/
- [Vendor advisory]https://www.westerndigital.com/support/productsecurity/wdc-21002-my-cloud-firmware-version-5-10-122
- [Other]https://www.zerodayinitiative.com/advisories/ZDI-21-277/
Related CVEs
Same vendor
- CVE-2020-13799 — Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple sta... (6.8 MEDIUM)
Same CWE
- CVE-2026-50656 — Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as ... (7.8 HIGH)
- CVE-2026-54230 — A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport (7.0 HIGH)
- CVE-2026-54056 — Kitty is a cross-platform GPU based terminal (7.6 HIGH)
- CVE-2026-54055 — Kitty is a cross-platform GPU based terminal (5.0 MEDIUM)
- CVE-2025-46293 — This issue was addressed with improved handling of symlinks (5.5 MEDIUM)