CVE-2022-22992

A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. The vulnerability was addressed by escaping individual arguments to shell functions coming from user input.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:westerndigital:my_cloud_os:*:*:*:*:*:*:*:*
OR cpe:2.3:h:westerndigital:my_cloud:-:*:*:*:-:*:*:*
cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_mirror_gen_2:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:wd_cloud:-:*:*:*:*:*:*:*

History

11 Jul 2023, 20:21

Type Values Removed Values Added
CWE CWE-77 CWE-116

04 Feb 2022, 02:30

Type Values Removed Values Added
References (MISC) https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117 - (MISC) https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117 - Vendor Advisory
First Time Westerndigital my Cloud Ex4100
Westerndigital my Cloud Mirror Gen 2
Westerndigital my Cloud Dl2100
Westerndigital my Cloud Ex2 Ultra
Westerndigital my Cloud Pr2100
Westerndigital my Cloud Ex2100
Westerndigital my Cloud Dl4100
Westerndigital my Cloud Pr4100
Westerndigital my Cloud
Westerndigital my Cloud Os
Westerndigital
Westerndigital wd Cloud
CVSS v2 : unknown
v3 : unknown
v2 : 10.0
v3 : 9.8
CPE cpe:2.3:h:westerndigital:my_cloud_mirror_gen_2:-:*:*:*:*:*:*:*
cpe:2.3:o:westerndigital:my_cloud_os:*:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:wd_cloud:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud:-:*:*:*:-:*:*:*
cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:*
CWE CWE-77

28 Jan 2022, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-01-28 20:15

Updated : 2023-12-10 14:09


NVD link : CVE-2022-22992

Mitre link : CVE-2022-22992

CVE.ORG link : CVE-2022-22992


JSON object : View

Products Affected

westerndigital

  • my_cloud_pr4100
  • wd_cloud
  • my_cloud_ex4100
  • my_cloud_os
  • my_cloud_dl2100
  • my_cloud
  • my_cloud_dl4100
  • my_cloud_pr2100
  • my_cloud_mirror_gen_2
  • my_cloud_ex2_ultra
  • my_cloud_ex2100
CWE
CWE-116

Improper Encoding or Escaping of Output