Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This issue affects My Cloud OS 5 devices before 5.26.202.
References
Link | Resource |
---|---|
https://www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
22 May 2023, 19:33
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_os:*:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:wd_cloud:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_mirror_g2:-:*:*:*:*:*:*:* |
|
References | (MISC) https://www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202 - Patch, Vendor Advisory | |
First Time |
Westerndigital my Cloud Mirror G2
Westerndigital my Cloud Pr2100 Westerndigital my Cloud Pr4100 Westerndigital my Cloud Ex4100 Westerndigital wd Cloud Westerndigital my Cloud Ex2100 Westerndigital my Cloud Westerndigital my Cloud Os Westerndigital my Cloud Dl2100 Westerndigital my Cloud Ex2 Ultra Westerndigital my Cloud Dl4100 Westerndigital |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
CWE | CWE-918 |
18 May 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
10 May 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-10 23:15
Updated : 2023-12-10 15:01
NVD link : CVE-2022-29840
Mitre link : CVE-2022-29840
CVE.ORG link : CVE-2022-29840
JSON object : View
Products Affected
westerndigital
- my_cloud_pr4100
- wd_cloud
- my_cloud_ex4100
- my_cloud_os
- my_cloud_dl2100
- my_cloud
- my_cloud_dl4100
- my_cloud_mirror_g2
- my_cloud_pr2100
- my_cloud_ex2_ultra
- my_cloud_ex2100
CWE
CWE-918
Server-Side Request Forgery (SSRF)