ZDI-23-850: (Pwn2Own) Western Digital MyCloud PR4100 RESTSDK Server-Side Request Forgery Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100 NAS devices. Authentication is not required to exploit this vulnerability.

arbitrary code attackers authentication code devices digital exploit forgery mycloud nas network pwn2own request server server-side request forgery vulnerability western western digital zdi