Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux.
References
Link | Resource |
---|---|
https://www.westerndigital.com/support/product-security/wdc-22019-my-cloud-firmware-version-5-25-124 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
12 Dec 2022, 17:45
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-287 | |
First Time |
Westerndigital my Cloud Dl2100
Westerndigital Westerndigital my Cloud Pr2100 Westerndigital my Cloud Dl4100 Westerndigital my Cloud Ex2100 Westerndigital my Cloud Mirror G2 Westerndigital wd Cloud Westerndigital my Cloud Ex2 Ultra Westerndigital my Cloud Ex4100 Westerndigital my Cloud Pr4100 Westerndigital my Cloud Os Westerndigital my Cloud |
|
CPE | cpe:2.3:o:westerndigital:my_cloud_os:*:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_mirror_g2:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:wd_cloud:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.6 |
References | (MISC) https://www.westerndigital.com/support/product-security/wdc-22019-my-cloud-firmware-version-5-25-124 - Vendor Advisory |
09 Dec 2022, 18:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-09 18:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-29838
Mitre link : CVE-2022-29838
CVE.ORG link : CVE-2022-29838
JSON object : View
Products Affected
westerndigital
- my_cloud_pr4100
- wd_cloud
- my_cloud_ex4100
- my_cloud_os
- my_cloud_dl2100
- my_cloud
- my_cloud_dl4100
- my_cloud_mirror_g2
- my_cloud_pr2100
- my_cloud_ex2_ultra
- my_cloud_ex2100
CWE
CWE-287
Improper Authentication