A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls. The vulnerability was addressed by creating a whitelist for valid parameters.
References
Link | Resource |
---|---|
https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117 | Vendor Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-22-348/ | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
History
18 Mar 2022, 20:51
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-22-348/ - Third Party Advisory, VDB Entry | |
CVSS |
v2 : v3 : |
v2 : 8.3
v3 : 8.8 |
15 Feb 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Feb 2022, 02:47
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CWE | CWE-918 | |
CPE | cpe:2.3:h:westerndigital:my_cloud_mirror_gen_2:-:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_os:*:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:wd_cloud:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud:-:*:*:*:-:*:*:* cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:* |
|
First Time |
Westerndigital my Cloud Ex4100
Westerndigital my Cloud Mirror Gen 2 Westerndigital my Cloud Dl2100 Westerndigital my Cloud Ex2 Ultra Westerndigital my Cloud Pr2100 Westerndigital my Cloud Ex2100 Westerndigital my Cloud Dl4100 Westerndigital my Cloud Pr4100 Westerndigital my Cloud Westerndigital my Cloud Os Westerndigital Westerndigital wd Cloud |
|
References | (MISC) https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117 - Vendor Advisory |
28 Jan 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-28 20:15
Updated : 2023-12-10 14:09
NVD link : CVE-2022-22993
Mitre link : CVE-2022-22993
CVE.ORG link : CVE-2022-22993
JSON object : View
Products Affected
westerndigital
- my_cloud_dl2100
- my_cloud_os
- my_cloud_pr4100
- my_cloud_mirror_gen_2
- my_cloud_ex2100
- my_cloud_ex2_ultra
- my_cloud
- my_cloud_ex4100
- my_cloud_dl4100
- wd_cloud
- my_cloud_pr2100
CWE
CWE-918
Server-Side Request Forgery (SSRF)